RE: WLAN Security WPA EAP/TLS. Authentication Failed error

By the way - I used the Midsize Security Guidance - Secure Wireless Access
Point Configuration as a guide to setting up the network.
--
Steve Halvorson
Preferred Credit, Inc


"Jian-Ping Zhu [MSFT]" wrote:

Hello,

Thanks for your post.

It seems that there are some authentication or IAS access policy
configuration issues.

Firstly, I would like to know the following info:

1. How did you configure the Wireless Network? Are you referring to any of
the Microsoft article on securing wireless network? For your convenience, I
include some articles as following:
Providing Secure Wireless Services
<http://www.microsoft.com/technet/itsolutions/smbiz/sitsol/DsgnNwrk_8.mspx>
IEEE 802.1X Authentication for Wireless Connections:
<http://www.microsoft.com/technet/community/columns/cableguy/cg0402.mspx>
To define 802.1X authentication for wireless networks in Group Policy:
<http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/
proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/sta
ndard/proddocs/en-us/define_8021x_inGP.asp>

2. Which authentication protocol the Remote Access Policies are using?
CHAP, MSCHAP, MSCHAP V2, or EAP? Please open IAS, open the Remote Access
Policy, click the Edit Profile button, go to Authentication tab, press
PrScrn key on the keyboard, paste it in MSPAINT application and email to me.

3. If there is and What's the error message it appears on the client
computer when the Wireless connection failed? Please press PrScrn key when
the error message occurs, paste it in MSPAINT applicaiton and email to me.

During IAS access, after the wireless client contacted the AP and sent the
logon credential to the AP, the AP, which is also known as IAS client will
contact the IAS for validation. If the shared secret between the IAS client
matches the one stored in IAS Server, IAS client will then forward the
logon info to the IAS Server for validation. The logon info contains a list
of requirements that must be met to allow access for the user. This list of
requirements can include verification of the password, and it can also
specify whether the user is allowed access.

Regarding this issue, we need to firstly check out if it is a problem about
the communication between IAS Client and the IAS Server or if the issue
occurs on Logon info validation.

So, please do the following and provide me with the log files for research:

1. IAS Logging:
============

Go to IAS Server, go to command prompt and type the following command
"netsh ras set tracing * enable" (without the quotation marks).
Repro the issue and then, compress and email me with the C:\winodws\debug
folder.

2. Networking Edition MPS_Report log:
=============================

Download the Network Edition of MPS_Report tool from
<http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd
915706/MPSRPT_NETWORK.EXE>, run it on the IAS Server. Email me the
%COMPUTERNAME%_MPSReports_.CAB file which is under the
%systemroot%\MPSReports\network\bin\cab directory.

3. Directory Edition of MPS_Report log:
==============================

If the wireless cilent PC is in a domain environment, please download the
Directory Edition of MPS_Report tool from
<http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd
915706/MPSRPT_DirSvc.EXE>, run it on one of your DC. Email me the
%COMPUTERNAME%_MPSReports_.CAB file which is under the
%systemroot%\MPSReports\Setup\Lite\Cab directory.

4. Event log from client computer:
==========================

a. On the wireless client computer, click Start -> Run, type EVENTVWR and
click OK.
b. Right click Application event, select ?Save Log File As???, save it as
.evt file, email it to me.
c. Export the System event log and email to me too.

You can send the log files to me at v-jpzhu@xxxxxxxxxxxxx <mailto:
v-jpzhu@xxxxxxxxxxxxx>.

Thanks for your time and I look forward to hearing from you. : )

Sincerely,
Neo Zhu,
Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


.