Network Access Control

  • 1.  Communication problem between a lan enforcer and a NPS

    Posted Jul 11, 2012 10:54 AM

    Hi,

     

    I have an issue regarding communications between a LAN Enforcer I am setting up and a Microsoft RADIUS server (NPS).

     

    The LAN Enforcer forwards the RADIUS packets to the NPS but it never answers it. Instead I keep having this message in the NPS event logs:

    "An Access-Request message was received from RADIUS client x.x.x.x with a message authenticator attribute that is not valid." (event id 18)

     

    When I check the debug kernel on the LAN Enforcer, the RADIUS requests time out and I get "unavailable" as a result for the authentication.

     

    I already checked the secret many times.

    I have installed a sniffer on the NPS. I see the requests from the LAN Enforcer but no answer is sent.

    I do not know where the problem is...

     

    SEPM version: 12.1 RU1

    LAN Enforcer version: 12.1 RU1

    NPS is on a 2008 Standard edition.

     

    Regards.

     

    PS: I already use the NPS for Wi-Fi



  • 2.  RE: Communication problem between a lan enforcer and a NPS

    Posted Jul 17, 2012 10:52 AM

    Hi xella,

    I found a thread that may help you troubleshoot your issue:
    https://www-secure.symantec.com/connect/forums/sepm-work-windows-server-2008-nps-radius

    Try to follow the different steps mentioned by CEMILE.

    I hope it'll help.



  • 3.  RE: Communication problem between a lan enforcer and a NPS

    Posted Jul 17, 2012 11:42 AM

    ...you may well need to contact Symantec Support and forward them the packet capture of the proxied auth request coming from the LAN Enforcer.

    As per the below MS info, we need to determine what in the request is causing the NPS to drop the request.

    http://technet.microsoft.com/en-us/library/cc735343(v=ws.10)
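
Added example, not part of the thread and not Symantec or Microsoft code: an offline check of a captured Access-Request's Message-Authenticator (attribute 80, HMAC-MD5 keyed with the shared secret as defined in RFC 2869/3579) against the secret you believe is configured, which is the comparison behind the event quoted in the first post. The function names, the secret and the sample packet are constructed for illustration; feed it the UDP payload bytes exported from your own capture.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type, RFC 2869 / RFC 3579

def message_authenticator_offset(packet):
    """Offset of the 16-byte Message-Authenticator value, or None if absent."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match the captured data")
    pos = 20
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        if attr_type == MESSAGE_AUTHENTICATOR:
            if attr_len != 18:
                raise ValueError("Message-Authenticator must be 18 bytes long")
            return pos + 2
        pos += attr_len
    return None

def check_access_request(packet, secret):
    """Return 'valid', 'invalid' or 'absent' for a captured Access-Request."""
    offset = message_authenticator_offset(packet)
    if offset is None:
        return "absent"
    length = struct.unpack("!H", packet[2:4])[0]
    received = packet[offset:offset + 16]
    # HMAC-MD5 over the whole packet with the attribute value zeroed,
    # keyed with the shared secret.
    zeroed = packet[:offset] + bytes(16) + packet[offset + 16:length]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return "valid" if hmac.compare_digest(received, expected) else "invalid"

def build_sample_request(secret):
    """Constructed Access-Request (not from the thread) signed with `secret`."""
    attrs = bytes([1, 6]) + b"test" + bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    packet = struct.pack("!BBH", 1, 42, 20 + len(attrs)) + bytes(range(16)) + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac

if __name__ == "__main__":
    pkt = build_sample_request(b"constructed-secret")
    print(check_access_request(pkt, b"constructed-secret"))
    print(check_access_request(pkt, b"constructed-secret "))
```

An `invalid` result means the packet was not signed with the secret you supplied, or was altered after signing; `absent` means the request carries no Message-Authenticator at all.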



  • 4.  RE: Communication problem between a lan enforcer and a NPS

    Posted Jul 26, 2012 05:20 PM

    On the Windows NPS, did you add the device to the list of devices that can query the server?