Event ID 34 — Remote RADIUS Server Availability
Applies To: Windows Server 2008 R2
When Network Policy Server (NPS) is configured as a RADIUS proxy, it must be able to contact remote RADIUS servers. Remote RADIUS servers must be available to the NPS proxy so that the proxy can forward connection requests to the RADIUS servers for processing.
|Product:||Windows Operating System|
|Message:||The RADIUS Proxy is unable to receive responses because of a network error. The error code is %2.|
Fix network connectivity issues
To perform these procedures, you must be a member of Domain Admins.
To fix network connectivity issues:
- Confirm that all routers between the NPS proxy and the RADIUS server are working.
- Make sure that the firewall on the remote RADIUS server allows RADIUS traffic, and that the RADIUS proxy and RADIUS server send RADIUS traffic over the same UDP ports. To configure NPS UDP port information:
- Click Start, Administrative Tools, Network Policy Server. The Network Policy Server Microsoft Management Console (MMC) opens.
- Right-click Network Policy Server, and then click Properties.
- Click the Ports tab, and then examine the settings for ports. If your RADIUS authentication and RADIUS accounting UDP ports vary from the default values provided (1812 and 1645 for authentication and 1813 and 1646 for accounting), type your port settings in Authentication and Accounting.
- Make sure that Internet Protocol security (IPsec) policies are configured to allow traffic between the two servers.
- Make sure that the RADIUS server has an IP address and is physically connected to the network, and that the core components of the network are working. To check the IP address or the configuration of the server running NPS or to perform basic network troubleshooting:
- Click Start, click All Programs, click Accessories, and then click Command Prompt.
- Type ipconfig /all. Make sure that the server running NPS has an IP address in the correct IP address range, and does not have an Automatic Private IP Addressing (APIPA) address (an IP address in the 169.254.x.x range). If the server has an APIPA address, it is configured as a DHCP client and cannot contact a DHCP server. Confirm that the DHCP server is online, that links between NPS and the DHCP server are working, and that all routers between NPS and the DHCP server are configured to forward DHCP messages.
- Type ping localhost to check that TCP/IP is installed and correctly configured on the local computer. If the ping is unsuccessful, this might indicate a corrupt TCP/IP stack or a problem with the network adapter.
- Type ping *ip_address, where *ip_address is the IP address assigned to the local computer. If you can ping the localhost address but not the local IP address, there might be an issue with the routing table or network adapter driver.
- Type ping *dns_server, where *dns_server is the IP address for the DNS server. If there is more than one DNS server on your network, ping each one. If you cannot ping the DNS servers, this indicates a problem with the DNS servers or with the network between the server running NPS and the DNS servers.
To verify connectivity between the RADIUS proxy and RADIUS server:
- On the RADIUS proxy, start an application that is used to capture network traffic and begin a capture.
- On a computer that is configured according to network access policy, log on to the network with a valid user account and valid credentials through a RADIUS client whose connection requests are normally forwarded by the RADIUS proxy to the remote RADIUS server.
- On the RADIUS proxy, stop the network traffic capture, and then review UDP RADIUS traffic to confirm that the RADIUS proxy and the RADIUS server are able to connect.