Nishuradjamohane-0832 asked

Not able to register NPS server to active directory

Topology:
I am trying to create a simple TLS connection between a client and server.
Both NPS and Active Directory are on the same server.

Issue:
The "Register server in Active Directory" option is greyed out on the NPS server, due to which the TLS connection is failing.
In Active Directory > RAS and IAS server > member, the NPS server is not present.
Also, the command "netsh nps add registered server" gives the output "The server is not operational".

The TLS connection is failing with the ID 6273:
```
Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
Security ID: S-1-5-21-2918599220-1559750031-3582700202-1109
Account Name: peap@test.espressif.com
Account Domain: TEST
Fully Qualified Account Name: TEST\peap

Client Machine:
Security ID: S-1-0-0
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: D0-37-45-B9-2B-AF:NISH-TLS
Calling Station Identifier: C8-2B-96-B8-87-70

NAS:
NAS IPv4 Address: -
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: -

RADIUS Client:
Client Friendly Name: esp_rpi-5
Client IP Address: 10.0.1.18

Authentication Details:
Connection Request Policy Name: NISH_TLS
Network Policy Name: NISH-TLS
Authentication Provider: Windows
Authentication Server: WIN-TSO77NCTEQ0.test.espressif.com
Authentication Type: EAP
EAP Type: Microsoft: Smart Card or other certificate
Account Session Identifier: 44423835314135444337364545434532
Logging Results: Accounting information was written to the local log file.
Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
```


But the PEAP connection is successful when the "validate server" option is switched off on the client.
I have exported the certs generated on the Windows server and have used them on FreeRADIUS, and the connection is successful. Hence, it looks like the certs are fine.

How do I register the NPS server to Active Directory?

windows-network-access-protection

Nishuradjamohane-0832 commented:

@LimitlessTechnology-2700 Yes, I have followed that doc.
1. Method 1: the "Register Server in Active Directory" option is greyed out.
2. Method 2: I don't see any NAS computer in the add new Member option.
3. Method 3 is giving the output "The server is not operational".



![135230-screenshot-from-2021-09-26-11-46-54.png][1]

Screenshot of the NPS
[1]: /answers/storage/attachments/135230-screenshot-from-2021-09-26-11-46-54.png


0 Answers