Event ID 4401 — NPS and Domain Controller Communication

Applies To: Windows Server 2008 R2

Network Policy Server (NPS) contacts domain controllers to perform authentication and authorization for connection requests received from configured RADIUS clients. If NPS cannot contact domain controllers, it cannot perform authentication and authorization, and network access authentication will fail.

Event Details

Product: Windows Operating System
ID: 4401
Source: NPS
Version: 6.1
Symbolic Name: IAS_DC_NOT_RESPONSIVE
Message: Domain controller %1 for domain %2 is not responsive. NPS switches to other DCs.

Resolve

Fix domain controller issues

To perform this procedure, you must be a member of Domain Admins.

To fix domain controller issues:

  • Wait for a domain controller to respond to NPS. One or more domain controllers might be offline due to reboots or other issues, such as hardware failure or temporary network congestion. Domain controllers might respond shortly, and NPS will switch to other domain controllers automatically.
  • If the problem is not temporary and NPS frequently has trouble contacting domain controllers to perform authentication and authorization for connection requests, add more backup domain controllers to the network. In addition, configure your network so that there are multiple paths between servers running NPS and domain controllers. If there is a network outage on one path between NPS and a domain controller, additional paths will allow the two entities to communicate.

Verify

To verify that domain controllers are available:

Review the NPS accounting data to verify that connection requests are being processed normally.

To locate the NPS accounting data:

  1. Click Start, Administrative Tools, Network Policy Server. The NPS Microsoft Management Console (MMC) opens.
  2. In the console tree, click Accounting.
  3. In the details pane, click either Configure Local File Logging or Configure SQL Server Logging to identify the folder location or data source for the log file.
  4. In Windows Explorer, browse to the log file location. Without opening the log file, make a copy of the log file, and then open the log file copy in your text editor. If domain controllers are available and NPS has received and processed connection requests, recent log file entries will appear in the file.

NPS and Domain Controller Communication

Network Policy Server Infrastructure