IAS - Ports problem

I am trying to configure an IAS server on my domain controller (Win 2003).

I have installed the IAS server and registered it with AD. The IAS is
supposed to answer on port 1812 and 1645, but when I telnet to these ports
from a wks there is no respond.

I have configured RADIUS clients and Remote access policy in the IAS and
granted users access in AD on the Dial-In tab.

It seams that the IAS is not working or responding to authentications since
it does not respond on the ports.

Could you please help? Anyone?

On 2006-05-08 06:22:02 -0400, VG <(E-Mail Removed)> said:

> I am trying to configure an IAS server on my domain controller (Win 2003).
>
> I have installed the IAS server and registered it with AD. The IAS is
> supposed to answer on port 1812 and 1645, but when I telnet to these
> ports from a wks there is no respond.
>
> I have configured RADIUS clients and Remote access policy in the IAS
> and granted users access in AD on the Dial-In tab.
>
> It seams that the IAS is not working or responding to authentications
> since it does not respond on the ports.
>
> Could you please help? Anyone?

Try running a port scanner to verify that those ports are open, or use
netstat on the server to see if that shows a listening port. Not all
servers will respond to a telnet request, so this isn't necessarily an
accurate way to determine that a port is open and the sever is
responding.

HTH.

--
Regards,
Scott Lowe
ePlus Technology Inc.

"Scott Lowe" wrote:

> On 2006-05-08 06:22:02 -0400, VG <(E-Mail Removed)> said:
>
> > I am trying to configure an IAS server on my domain controller (Win 2003).
> >
> > I have installed the IAS server and registered it with AD. The IAS is
> > supposed to answer on port 1812 and 1645, but when I telnet to these
> > ports from a wks there is no respond.
> >
> > I have configured RADIUS clients and Remote access policy in the IAS
> > and granted users access in AD on the Dial-In tab.
> >
> > It seams that the IAS is not working or responding to authentications
> > since it does not respond on the ports.
> >
> > Could you please help? Anyone?
>
> Try running a port scanner to verify that those ports are open, or use
> netstat on the server to see if that shows a listening port. Not all
> servers will respond to a telnet request, so this isn't necessarily an
> accurate way to determine that a port is open and the sever is
> responding.
>
> HTH.
>
> --
> Regards,
> Scott Lowe
> ePlus Technology Inc.
>
>
Hi Scott

Thank you for your reply.

I have checked for open ports with a portscanner, and get (no reply) on
those ports. Do you have any other suggestions? I can not understand why my
server is not replying on Radius request. I have no FW between or on the
server.

It's going to be hard to detect this using a port scan or telnet because IAS
RADIUS ports are UDP 1812 and UDP 1645
Type netstat -na in you IAS box and check if they are listening like:

UDP 0.0.0.0:1812 *:*
UDP 0.0.0.0:1645 *:*

Those port are going to be listeing only if you register your IAS in Active
Directory (Open the IAS admin console rigth clink in Intenet Authetication
Service and then click in: Register Server in Active Directory)

Daniel Mauser.



"VG" <(E-Mail Removed)> wrote in message
news:5FE6744E-123B-43F6-96E3-(E-Mail Removed)...
>
>
> "Scott Lowe" wrote:
>
>> On 2006-05-08 06:22:02 -0400, VG <(E-Mail Removed)> said:
>>
>> > I am trying to configure an IAS server on my domain controller (Win
>> > 2003).
>> >
>> > I have installed the IAS server and registered it with AD. The IAS is
>> > supposed to answer on port 1812 and 1645, but when I telnet to these
>> > ports from a wks there is no respond.
>> >
>> > I have configured RADIUS clients and Remote access policy in the IAS
>> > and granted users access in AD on the Dial-In tab.
>> >
>> > It seams that the IAS is not working or responding to authentications
>> > since it does not respond on the ports.
>> >
>> > Could you please help? Anyone?
>>
>> Try running a port scanner to verify that those ports are open, or use
>> netstat on the server to see if that shows a listening port. Not all
>> servers will respond to a telnet request, so this isn't necessarily an
>> accurate way to determine that a port is open and the sever is
>> responding.
>>
>> HTH.
>>
>> --
>> Regards,
>> Scott Lowe
>> ePlus Technology Inc.
>>
>>
> Hi Scott
>
> Thank you for your reply.
>
> I have checked for open ports with a portscanner, and get (no reply) on
> those ports. Do you have any other suggestions? I can not understand why
> my
> server is not replying on Radius request. I have no FW between or on the
> server.
>

Thank you, for the useful information, the server is Register Server in
Active Directory and with help the help of your command I was able to verify
that the server is replying to the ports. This helps me to locate the problem
to my “auth server�

One more question. There is two NIC in the IAS servers; does the IAS server
listen on both NIC? Do you know how I can specify which NIC the IAS listen
on? Or check which it already listens on?


"Daniel Mauser" wrote:

> It's going to be hard to detect this using a port scan or telnet because IAS
> RADIUS ports are UDP 1812 and UDP 1645
> Type netstat -na in you IAS box and check if they are listening like:
>
> UDP 0.0.0.0:1812 *:*
> UDP 0.0.0.0:1645 *:*
>
> Those port are going to be listeing only if you register your IAS in Active
> Directory (Open the IAS admin console rigth clink in Intenet Authetication
> Service and then click in: Register Server in Active Directory)
>
> Daniel Mauser.
>
>
>
> "VG" <(E-Mail Removed)> wrote in message
> news:5FE6744E-123B-43F6-96E3-(E-Mail Removed)...
> >
> >
> > "Scott Lowe" wrote:
> >
> >> On 2006-05-08 06:22:02 -0400, VG <(E-Mail Removed)> said:
> >>
> >> > I am trying to configure an IAS server on my domain controller (Win
> >> > 2003).
> >> >
> >> > I have installed the IAS server and registered it with AD. The IAS is
> >> > supposed to answer on port 1812 and 1645, but when I telnet to these
> >> > ports from a wks there is no respond.
> >> >
> >> > I have configured RADIUS clients and Remote access policy in the IAS
> >> > and granted users access in AD on the Dial-In tab.
> >> >
> >> > It seams that the IAS is not working or responding to authentications
> >> > since it does not respond on the ports.
> >> >
> >> > Could you please help? Anyone?
> >>
> >> Try running a port scanner to verify that those ports are open, or use
> >> netstat on the server to see if that shows a listening port. Not all
> >> servers will respond to a telnet request, so this isn't necessarily an
> >> accurate way to determine that a port is open and the sever is
> >> responding.
> >>
> >> HTH.
> >>
> >> --
> >> Regards,
> >> Scott Lowe
> >> ePlus Technology Inc.
> >>
> >>
> > Hi Scott
> >
> > Thank you for your reply.
> >
> > I have checked for open ports with a portscanner, and get (no reply) on
> > those ports. Do you have any other suggestions? I can not understand why
> > my
> > server is not replying on Radius request. I have no FW between or on the
> > server.
> >
>
>
>

It's good to know it is working

Answering your question: It depends how your IAS box is configured. Usually
when you have UDP 0.0.0.0:1812 it means the port is listening in all
adapters. However, if you have RRAS installed in the same IAS box and your
"Internet" NIC is configured in RRAS with public and basic firewall is
check. In this case IAS ports will be available to access only in "internal"
NIC. If you dont have RRAS or Windows Firewall enabled IAS port are listeing
in all NICs.



Daniel Mauser.


"VG" <(E-Mail Removed)> wrote in message
news:1E483FE5-7D4E-415B-892D-(E-Mail Removed)...
> Thank you, for the useful information, the server is Register Server in
> Active Directory and with help the help of your command I was able to
> verify
> that the server is replying to the ports. This helps me to locate the
> problem
> to my "auth server"
>
> One more question. There is two NIC in the IAS servers; does the IAS
> server
> listen on both NIC? Do you know how I can specify which NIC the IAS
> listen
> on? Or check which it already listens on?
>
>
> "Daniel Mauser" wrote:
>
>> It's going to be hard to detect this using a port scan or telnet because
>> IAS
>> RADIUS ports are UDP 1812 and UDP 1645
>> Type netstat -na in you IAS box and check if they are listening like:
>>
>> UDP 0.0.0.0:1812 *:*
>> UDP 0.0.0.0:1645 *:*
>>
>> Those port are going to be listeing only if you register your IAS in
>> Active
>> Directory (Open the IAS admin console rigth clink in Intenet
>> Authetication
>> Service and then click in: Register Server in Active Directory)
>>
>> Daniel Mauser.
>>
>>
>>
>> "VG" <(E-Mail Removed)> wrote in message
>> news:5FE6744E-123B-43F6-96E3-(E-Mail Removed)...
>> >
>> >
>> > "Scott Lowe" wrote:
>> >
>> >> On 2006-05-08 06:22:02 -0400, VG <(E-Mail Removed)> said:
>> >>
>> >> > I am trying to configure an IAS server on my domain controller (Win
>> >> > 2003).
>> >> >
>> >> > I have installed the IAS server and registered it with AD. The IAS
>> >> > is
>> >> > supposed to answer on port 1812 and 1645, but when I telnet to these
>> >> > ports from a wks there is no respond.
>> >> >
>> >> > I have configured RADIUS clients and Remote access policy in the IAS
>> >> > and granted users access in AD on the Dial-In tab.
>> >> >
>> >> > It seams that the IAS is not working or responding to
>> >> > authentications
>> >> > since it does not respond on the ports.
>> >> >
>> >> > Could you please help? Anyone?
>> >>
>> >> Try running a port scanner to verify that those ports are open, or use
>> >> netstat on the server to see if that shows a listening port. Not all
>> >> servers will respond to a telnet request, so this isn't necessarily an
>> >> accurate way to determine that a port is open and the sever is
>> >> responding.
>> >>
>> >> HTH.
>> >>
>> >> --
>> >> Regards,
>> >> Scott Lowe
>> >> ePlus Technology Inc.
>> >>
>> >>
>> > Hi Scott
>> >
>> > Thank you for your reply.
>> >
>> > I have checked for open ports with a portscanner, and get (no reply) on
>> > those ports. Do you have any other suggestions? I can not understand
>> > why
>> > my
>> > server is not replying on Radius request. I have no FW between or on
>> > the
>> > server.
>> >
>>
>>
>>

Thanks again for helpful information. I appreciate your posts and comments.

I will continue my problem solving.


"Daniel Mauser" wrote:

> It's good to know it is working
>
> Answering your question: It depends how your IAS box is configured. Usually
> when you have UDP 0.0.0.0:1812 it means the port is listening in all
> adapters. However, if you have RRAS installed in the same IAS box and your
> "Internet" NIC is configured in RRAS with public and basic firewall is
> check. In this case IAS ports will be available to access only in "internal"
> NIC. If you dont have RRAS or Windows Firewall enabled IAS port are listeing
> in all NICs.
>
>
>
> Daniel Mauser.
>
>
> "VG" <(E-Mail Removed)> wrote in message
> news:1E483FE5-7D4E-415B-892D-(E-Mail Removed)...
> > Thank you, for the useful information, the server is Register Server in
> > Active Directory and with help the help of your command I was able to
> > verify
> > that the server is replying to the ports. This helps me to locate the
> > problem
> > to my "auth server"
> >
> > One more question. There is two NIC in the IAS servers; does the IAS
> > server
> > listen on both NIC? Do you know how I can specify which NIC the IAS
> > listen
> > on? Or check which it already listens on?
> >
> >
> > "Daniel Mauser" wrote:
> >
> >> It's going to be hard to detect this using a port scan or telnet because
> >> IAS
> >> RADIUS ports are UDP 1812 and UDP 1645
> >> Type netstat -na in you IAS box and check if they are listening like:
> >>
> >> UDP 0.0.0.0:1812 *:*
> >> UDP 0.0.0.0:1645 *:*
> >>
> >> Those port are going to be listeing only if you register your IAS in
> >> Active
> >> Directory (Open the IAS admin console rigth clink in Intenet
> >> Authetication
> >> Service and then click in: Register Server in Active Directory)
> >>
> >> Daniel Mauser.
> >>
> >>
> >>
> >> "VG" <(E-Mail Removed)> wrote in message
> >> news:5FE6744E-123B-43F6-96E3-(E-Mail Removed)...
> >> >
> >> >
> >> > "Scott Lowe" wrote:
> >> >
> >> >> On 2006-05-08 06:22:02 -0400, VG <(E-Mail Removed)> said:
> >> >>
> >> >> > I am trying to configure an IAS server on my domain controller (Win
> >> >> > 2003).
> >> >> >
> >> >> > I have installed the IAS server and registered it with AD. The IAS
> >> >> > is
> >> >> > supposed to answer on port 1812 and 1645, but when I telnet to these
> >> >> > ports from a wks there is no respond.
> >> >> >
> >> >> > I have configured RADIUS clients and Remote access policy in the IAS
> >> >> > and granted users access in AD on the Dial-In tab.
> >> >> >
> >> >> > It seams that the IAS is not working or responding to
> >> >> > authentications
> >> >> > since it does not respond on the ports.
> >> >> >
> >> >> > Could you please help? Anyone?
> >> >>
> >> >> Try running a port scanner to verify that those ports are open, or use
> >> >> netstat on the server to see if that shows a listening port. Not all
> >> >> servers will respond to a telnet request, so this isn't necessarily an
> >> >> accurate way to determine that a port is open and the sever is
> >> >> responding.
> >> >>
> >> >> HTH.
> >> >>
> >> >> --
> >> >> Regards,
> >> >> Scott Lowe
> >> >> ePlus Technology Inc.
> >> >>
> >> >>
> >> > Hi Scott
> >> >
> >> > Thank you for your reply.
> >> >
> >> > I have checked for open ports with a portscanner, and get (no reply) on
> >> > those ports. Do you have any other suggestions? I can not understand
> >> > why
> >> > my
> >> > server is not replying on Radius request. I have no FW between or on
> >> > the
> >> > server.
> >> >
> >>
> >>
> >>
>
>
>