--PROBLEM:
The wireless client [Dell notebook] system goes to authenticate with windows 2003 server and it looks like the authentication is making it to the server because we turned logging on and could see that there was some type of hand shaking and access of the active directory for the user and then the system kicks back the following error:
“The client could not be authenticated because the Extensible Authentication Protocol EAP type can not be processed by the server”
We assume it means the windows 2003 server..
We have the following configuration [Complete Event Log Error Listed at the End of This Message]:
--System Configuration
Windows Server 2003 Standard
Configuration:
- Base Server /w Latest MS Updates
- IAS installed
- CA Authority with certificates installed
- This server is part of a multiple-site domain connected through a cisco style VPN connection
- Wireless policy is configured both in Active Directory & the IAS wireless policy component
- There is a wireless group of it given access in the IAS wireless policy we created and the test user has the Dial-In property enabled with “Control Access Through Remote Access Policy” radio button selected.
- The Cisco IP is entered as a radius client under IAS service clients tab and the shared secret password setup.
In the IAS Profile:
- We have all of the authentication methods unchecked, but I think it kicked out the same error whether we had everything checked or not.
- Everything is checked in the Encryption tab
- In the advanced tab we have service of Radius Standard and framed selected
- Server settings determine IP assignment, but I don’t think were even making it that far
- No Dial-in constraints selected
In the Wireless policy in Active Directory:
- Networks to access “Access point [infrastructure only] networks only”
- Preferred Networks the access SSID is listed with network authentication of WPA, data encryption TRIP
- Under IEEE 802.1x tab, EAPOL Start message is “Transmit per IEEE 802.1x”, EAP type is “Protected EAP [PEAP] [under these settings the certificate is correctly selected we believe that was assigned to the server when we created the CA, authentication method is EAP-MSCHAP v2]
Cisco Airoport 1100 Wireless Access Unit
Configuration:
Radius server is set to be the server /w shared secret password setup
PAP, TKIP are enabled on the wireless access point
Dell Notebook:
Configuration
/w wireless adapter enabled for WPA
Error Log Event Properties of the error are:
Source: IAS
Event ID: 2
Type: Warning
NAS IP: 10.10.10.5 [The Cisco Equipment]
Client IP: 10.10.10.5
NAS PORT Type: 802.11
NAS PORT 1042
Proxy-Policy Name: Use Windows authentication for all users
Authentication Provide: Windows
Authentication-Server = <undetermined>
Policy-name = Gws-wireless [this is the policy we created in IAS Server]
Reason Code = 22
Reason:
“The client could not be authenticated because the Extensible Authentication Protocol EAP type can not be processed by the server”
The wireless client [Dell notebook] system goes to authenticate with windows 2003 server and it looks like the authentication is making it to the server because we turned logging on and could see that there was some type of hand shaking and access of the active directory for the user and then the system kicks back the following error:
“The client could not be authenticated because the Extensible Authentication Protocol EAP type can not be processed by the server”
We assume it means the windows 2003 server..
We have the following configuration [Complete Event Log Error Listed at the End of This Message]:
--System Configuration
Windows Server 2003 Standard
Configuration:
- Base Server /w Latest MS Updates
- IAS installed
- CA Authority with certificates installed
- This server is part of a multiple-site domain connected through a cisco style VPN connection
- Wireless policy is configured both in Active Directory & the IAS wireless policy component
- There is a wireless group of it given access in the IAS wireless policy we created and the test user has the Dial-In property enabled with “Control Access Through Remote Access Policy” radio button selected.
- The Cisco IP is entered as a radius client under IAS service clients tab and the shared secret password setup.
In the IAS Profile:
- We have all of the authentication methods unchecked, but I think it kicked out the same error whether we had everything checked or not.
- Everything is checked in the Encryption tab
- In the advanced tab we have service of Radius Standard and framed selected
- Server settings determine IP assignment, but I don’t think were even making it that far
- No Dial-in constraints selected
In the Wireless policy in Active Directory:
- Networks to access “Access point [infrastructure only] networks only”
- Preferred Networks the access SSID is listed with network authentication of WPA, data encryption TRIP
- Under IEEE 802.1x tab, EAPOL Start message is “Transmit per IEEE 802.1x”, EAP type is “Protected EAP [PEAP] [under these settings the certificate is correctly selected we believe that was assigned to the server when we created the CA, authentication method is EAP-MSCHAP v2]
Cisco Airoport 1100 Wireless Access Unit
Configuration:
Radius server is set to be the server /w shared secret password setup
PAP, TKIP are enabled on the wireless access point
Dell Notebook:
Configuration
/w wireless adapter enabled for WPA
Error Log Event Properties of the error are:
Source: IAS
Event ID: 2
Type: Warning
NAS IP: 10.10.10.5 [The Cisco Equipment]
Client IP: 10.10.10.5
NAS PORT Type: 802.11
NAS PORT 1042
Proxy-Policy Name: Use Windows authentication for all users
Authentication Provide: Windows
Authentication-Server = <undetermined>
Policy-name = Gws-wireless [this is the policy we created in IAS Server]
Reason Code = 22
Reason:
“The client could not be authenticated because the Extensible Authentication Protocol EAP type can not be processed by the server”
