LAN Enforcer 6100 Series Appliance Will Not Authenticate Clients When Using Windows 2008 Server

Article:TECH145968  |  Created: 2010-12-10  |  Updated: 2010-12-16  |  Article URL http://www.symantec.com/docs/TECH145968
Article Type
Technical Solution


Issue



Client machines cannot be authenticated via LAN Enforcer 6100 Series Appliance when using Windows 2008 Server as the RADIUS server using NPS.  A repeating log entry is found in the kernel.log.


Error



In this condition, the following repeating log entries are seen in the Enforcer Engineer Level kernel.log:

Nov/12/2010 12:24:24  [  radproxy.c][ 3841]: EAP Identity received!
Nov/12/2010 12:24:24  [  radproxy.c][ 7305]: RadiusProxyGenerateChallengeToSwitch: Client Version=06000000
Nov/12/2010 12:24:24  [  radproxy.c][ 7342]: Directly challenge user host/<FQDN Removed for security> from switch 192.168.100.100
Nov/12/2010 12:24:27  [  radproxy.c][ 3841]: EAP Identity received!
Nov/12/2010 12:24:27  [  radproxy.c][ 7305]: RadiusProxyGenerateChallengeToSwitch: Client Version=06000000
Nov/12/2010 12:24:27  [  radproxy.c][ 7342]: Directly challenge user host/<FQDN Removed for security> from switch 192.168.100.100
Nov/12/2010 12:24:31  [  radproxy.c][ 3841]: EAP Identity received!
 


Environment



Windows 2008 Server with NPS.

Enforcer 6100 Series Appliance in LAN  mode.


Cause



 The LAN Enforcer is not compatible with Windows 2008 Server running NPS prior to version 11.0.6 MP2.  The Enforcer image must be upgraded.


Solution



Update LAN Enforcer to version 11.0.6 MP2 or later.  This can be downloaded from https://fileconnect.symantec.com




Article URL http://www.symantec.com/docs/TECH145968


Terms of use for this information are found in Legal Notices