Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Communication problem between a lan enforcer and a NPS

Created: 11 Jul 2012 | 3 comments
Alexandre S's picture

Hi,

 

I have an issue regarding communications between a lan enforcer i am setting up and a Microsoft RADIUS server (NPS).

 

The lan enforcer forwards the radius packets to the NPS but it never answers it. Instead I keep having this message in the NPS event logs:

"An Access-Request message was received from RADIUS client x.x.x.x with a message authenticator attribute that is not valid." (event id 18)

 

When i check the debug kernel on the lan enforcer, the radius requests time out and I get "unavailable" as a result for the authentication.

 

I already checked the secret many times.

I have installed a sniffer on the nps. I see the requests from the lan enforcer but no answer is sent.

I do not know where the problem is...

 

SEPM version: 12.1 RU1

Lan enforcer version: 12.1 RU1

NPS is on a 2008 Standard edition.

 

Regards.

 

PS: i already use the nps for wifi

Comments 3 CommentsJump to latest comment

Marc_Bzh's picture

Hi xella,

I found a thread that may help you troubleshooting your issue:
https://www-secure.symantec.com/connect/forums/sepm-work-windows-server-2008-nps-radius

Try to follow the different steps mentioned by CEMILE.

I hope it'll help.

SMLatCST's picture

...you may well need to contac Symantec Support and forward them the packet capture of the proxied auth request coming from the LAN Enforcer.

As per the below MS info, we need to determine what in the request is causing the NPS to drop the request.

http://technet.microsoft.com/en-us/library/cc735343(v=ws.10)

Chuck Edson's picture

On the Windows NPS, did you add the device to the list of devices that can query the server?

If a post helps you, please mark it as the solution to your issue.