Event ID 14 — RADIUS Client Communication
Applies To: Windows Server 2008
Network Policy Server (NPS) exchanges RADIUS messages with RADIUS clients. RADIUS messages exchanged between NPS and RADIUS clients must comply with the RADIUS protocol specification or NPS might not be able to process connection requests.
|Product:||Windows Operating System|
|Message:||A RADIUS message was received from RADIUS client %1 with an invalid authenticator. This is typically caused by mismatched shared secrets. Verify the configuration of the shared secret for the RADIUS client in the Network Policy Server snap-in and the configuration of the network access server.|
Fix RADIUS client communication issues
This condition can occur under the following circumstances:
- The RADIUS client configuration is incorrect, and NPS received a RADIUS message that contains an authenticator that is not valid.
- The RADIUS client needs to be updated because the size of a RADIUS message received from the RADIUS client exceeds the message size specified in the RADIUS protocol.
To perform this procedure, you must be a member of Domain Admins.
To change the RADIUS client configuration:
- Open the NPS Microsoft Management Console (MMC), and double-click RADIUS Clients and Servers.
- Click RADIUS Clients, and then locate and double-click the RADIUS client whose configuration you want to check. Confirm that the shared secret and IP address are correct.
- On the network access server, make sure the shared secret is the same as the one used in NPS.
- If the shared secret is the same, consult your network access server documentation to confirm that the network access server complies with RADIUS standards, as defined by the Internet Engineering Task Force (IETF). If it does not, contact the RADIUS client vendor and request a firmware or other update as needed, and then apply the update according to the vendor's documentation.
To verify RADIUS client communication:
- Use a network access client to connect to the network through the RADIUS client that previously sent RADIUS messages that contained an incorrect authenticator or whose message size exceeded the RADIUS protocol.
- The access client should be able to connect successfully to the network through the RADIUS client.