Vista wireless using IAS and WPA-Enterprise

Hi,

I've got a problem with Vista not connecting to our wireless network,
Everything works great with XP but on Vista although Vista is configured to
use PEAP i get this error message on the server when the Vista PC try to
connect...

User host/Paul07.domain.local was denied access.
Fully-Qualified-User-Name = domain.local/Computers/PAUL07
NAS-IP-Address = 192.168.100.126
NAS-Identifier =
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <not present>
Client-Friendly-Name = 3com
Client-IP-Address = 192.168.100.126
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 29
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Connections to other access servers
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 65
Reason = The connection attempt failed because remote access permission for
the user account was denied. To allow remote access, enable remote access
permission for the user account, or, if the user account specifies that
access is controlled through the matching remote access policy, enable remote
access permission for that remote access policy.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

At the moment IAS is only configured to accept PEAP authentication, If i
enable EAP (Which i don't want to use) i get this message..

Because no certificate has been configured for clients dialing in with
EAP-TLS, a default certificate is being sent to user domain\paul. Please go
to the user's Remote Access Policy and configure the Extensible
Authentication Protocol (EAP).

Like i say Vista is configured to PEAP but for some reason seems to be
sending info that it wants to use EAP-TLS

What am i doing wrong?

Thanks in advance for any help


Paul Mckenna

Hi again,

sorry i posted the wrong error message for the IAS connection, because i
keep trying things, this is the actual error i get when the Vista PC tries to
connect to our wireless network

User ARKEL\Paul was denied access.
Fully-Qualified-User-Name = domain.local/Technical/Paul Mckenna
NAS-IP-Address = 192.168.100.126
NAS-Identifier =
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <not present>
Client-Friendly-Name = 3com
Client-IP-Address = 192.168.100.126
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 29
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = VPN
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 22
Reason = The client could not be authenticated because the Extensible
Authentication Protocol (EAP) Type cannot be processed by the server.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

"Paul Mckenna" wrote:

> Hi,
>
> I've got a problem with Vista not connecting to our wireless network,
> Everything works great with XP but on Vista although Vista is configured to
> use PEAP i get this error message on the server when the Vista PC try to
> connect...
>
> User host/Paul07.domain.local was denied access.
> Fully-Qualified-User-Name = domain.local/Computers/PAUL07
> NAS-IP-Address = 192.168.100.126
> NAS-Identifier =
> Called-Station-Identifier = <not present>
> Calling-Station-Identifier = <not present>
> Client-Friendly-Name = 3com
> Client-IP-Address = 192.168.100.126
> NAS-Port-Type = Wireless - IEEE 802.11
> NAS-Port = 29
> Proxy-Policy-Name = Use Windows authentication for all users
> Authentication-Provider = Windows
> Authentication-Server = <undetermined>
> Policy-Name = Connections to other access servers
> Authentication-Type = EAP
> EAP-Type = <undetermined>
> Reason-Code = 65
> Reason = The connection attempt failed because remote access permission for
> the user account was denied. To allow remote access, enable remote access
> permission for the user account, or, if the user account specifies that
> access is controlled through the matching remote access policy, enable remote
> access permission for that remote access policy.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> At the moment IAS is only configured to accept PEAP authentication, If i
> enable EAP (Which i don't want to use) i get this message..
>
> Because no certificate has been configured for clients dialing in with
> EAP-TLS, a default certificate is being sent to user domain\paul. Please go
> to the user's Remote Access Policy and configure the Extensible
> Authentication Protocol (EAP).
>
> Like i say Vista is configured to PEAP but for some reason seems to be
> sending info that it wants to use EAP-TLS
>
> What am i doing wrong?
>
> Thanks in advance for any help

I would double check the remote Access Policy. This post may help,

IAS Reason-Code = 65

http://www.chicagotech.net/netforums...hp?p=1711#1711


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Paul Mckenna" <(E-Mail Removed)> wrote in message news:CB717348-F026-42B2-BED0-(E-Mail Removed)...
Hi,

I've got a problem with Vista not connecting to our wireless network,
Everything works great with XP but on Vista although Vista is configured to
use PEAP i get this error message on the server when the Vista PC try to
connect...

User host/Paul07.domain.local was denied access.
Fully-Qualified-User-Name = domain.local/Computers/PAUL07
NAS-IP-Address = 192.168.100.126
NAS-Identifier =
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <not present>
Client-Friendly-Name = 3com
Client-IP-Address = 192.168.100.126
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 29
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Connections to other access servers
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 65
Reason = The connection attempt failed because remote access permission for
the user account was denied. To allow remote access, enable remote access
permission for the user account, or, if the user account specifies that
access is controlled through the matching remote access policy, enable remote
access permission for that remote access policy.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

At the moment IAS is only configured to accept PEAP authentication, If i
enable EAP (Which i don't want to use) i get this message..

Because no certificate has been configured for clients dialing in with
EAP-TLS, a default certificate is being sent to user domain\paul. Please go
to the user's Remote Access Policy and configure the Extensible
Authentication Protocol (EAP).

Like i say Vista is configured to PEAP but for some reason seems to be
sending info that it wants to use EAP-TLS

What am i doing wrong?

Thanks in advance for any help

Thanks for your quick response, It's my fault i posted the wrong error
message.. The actual failure is

User DOMAIN\Paul was denied access.
Fully-Qualified-User-Name = domain.local/Technical/Paul Mckenna
NAS-IP-Address = 192.168.100.126
NAS-Identifier =
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <not present>
Client-Friendly-Name = 3com
Client-IP-Address = 192.168.100.126
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 29
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = VPN
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 22
Reason = The client could not be authenticated because the Extensible
Authentication Protocol (EAP) Type cannot be processed by the server.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

It seems to be that Vista is sending that it wants to use EAP even though
it's configured to use PEAP.

"Robert L [MVP - Networking]" wrote:

> I would double check the remote Access Policy. This post may help,
>
> IAS Reason-Code = 65
>
> http://www.chicagotech.net/netforums...hp?p=1711#1711
>
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "Paul Mckenna" <(E-Mail Removed)> wrote in message news:CB717348-F026-42B2-BED0-(E-Mail Removed)...
> Hi,
>
> I've got a problem with Vista not connecting to our wireless network,
> Everything works great with XP but on Vista although Vista is configured to
> use PEAP i get this error message on the server when the Vista PC try to
> connect...
>
> User host/Paul07.domain.local was denied access.
> Fully-Qualified-User-Name = domain.local/Computers/PAUL07
> NAS-IP-Address = 192.168.100.126
> NAS-Identifier =
> Called-Station-Identifier = <not present>
> Calling-Station-Identifier = <not present>
> Client-Friendly-Name = 3com
> Client-IP-Address = 192.168.100.126
> NAS-Port-Type = Wireless - IEEE 802.11
> NAS-Port = 29
> Proxy-Policy-Name = Use Windows authentication for all users
> Authentication-Provider = Windows
> Authentication-Server = <undetermined>
> Policy-Name = Connections to other access servers
> Authentication-Type = EAP
> EAP-Type = <undetermined>
> Reason-Code = 65
> Reason = The connection attempt failed because remote access permission for
> the user account was denied. To allow remote access, enable remote access
> permission for the user account, or, if the user account specifies that
> access is controlled through the matching remote access policy, enable remote
> access permission for that remote access policy.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> At the moment IAS is only configured to accept PEAP authentication, If i
> enable EAP (Which i don't want to use) i get this message..
>
> Because no certificate has been configured for clients dialing in with
> EAP-TLS, a default certificate is being sent to user domain\paul. Please go
> to the user's Remote Access Policy and configure the Extensible
> Authentication Protocol (EAP).
>
> Like i say Vista is configured to PEAP but for some reason seems to be
> sending info that it wants to use EAP-TLS
>
> What am i doing wrong?
>
> Thanks in advance for any help

Or this post:.

IAS Reason-Code = 22 and 97
http://chicagotech.net/netforums/viewtopic.php?t=1063

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Paul Mckenna" <(E-Mail Removed)> wrote in message news:EB1DC5EB-D1C7-43D2-943E-(E-Mail Removed)...

Thanks for your quick response, It's my fault i posted the wrong error
message.. The actual failure is

User DOMAIN\Paul was denied access.
Fully-Qualified-User-Name = domain.local/Technical/Paul Mckenna
NAS-IP-Address = 192.168.100.126
NAS-Identifier =
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <not present>
Client-Friendly-Name = 3com
Client-IP-Address = 192.168.100.126
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 29
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = VPN
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 22
Reason = The client could not be authenticated because the Extensible
Authentication Protocol (EAP) Type cannot be processed by the server.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

It seems to be that Vista is sending that it wants to use EAP even though
it's configured to use PEAP.

"Robert L [MVP - Networking]" wrote:

> I would double check the remote Access Policy. This post may help,
>
> IAS Reason-Code = 65
>
> http://www.chicagotech.net/netforums...hp?p=1711#1711
>
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "Paul Mckenna" <(E-Mail Removed)> wrote in message news:CB717348-F026-42B2-BED0-(E-Mail Removed)...
> Hi,
>
> I've got a problem with Vista not connecting to our wireless network,
> Everything works great with XP but on Vista although Vista is configured to
> use PEAP i get this error message on the server when the Vista PC try to
> connect...
>
> User host/Paul07.domain.local was denied access.
> Fully-Qualified-User-Name = domain.local/Computers/PAUL07
> NAS-IP-Address = 192.168.100.126
> NAS-Identifier =
> Called-Station-Identifier = <not present>
> Calling-Station-Identifier = <not present>
> Client-Friendly-Name = 3com
> Client-IP-Address = 192.168.100.126
> NAS-Port-Type = Wireless - IEEE 802.11
> NAS-Port = 29
> Proxy-Policy-Name = Use Windows authentication for all users
> Authentication-Provider = Windows
> Authentication-Server = <undetermined>
> Policy-Name = Connections to other access servers
> Authentication-Type = EAP
> EAP-Type = <undetermined>
> Reason-Code = 65
> Reason = The connection attempt failed because remote access permission for
> the user account was denied. To allow remote access, enable remote access
> permission for the user account, or, if the user account specifies that
> access is controlled through the matching remote access policy, enable remote
> access permission for that remote access policy.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> At the moment IAS is only configured to accept PEAP authentication, If i
> enable EAP (Which i don't want to use) i get this message..
>
> Because no certificate has been configured for clients dialing in with
> EAP-TLS, a default certificate is being sent to user domain\paul. Please go
> to the user's Remote Access Policy and configure the Extensible
> Authentication Protocol (EAP).
>
> Like i say Vista is configured to PEAP but for some reason seems to be
> sending info that it wants to use EAP-TLS
>
> What am i doing wrong?
>
> Thanks in advance for any help

again I Appreciate your response but this works with XP, XP sends the message
to IAS that it wants to use PEAP authentication where as Vista sends the
message to use EAP (which is not configured and is not something i want to
use) even though Vista is configured to use PEAP.
So although these error message will probably help with someone who wants to
use EAP-TLS without having properly configured it. They don't really shed any
light on my problem.

Thnaks again

Regards
Paul


"Robert L [MVP - Networking]" wrote:

> Or this post:.
>
> IAS Reason-Code = 22 and 97
> http://chicagotech.net/netforums/viewtopic.php?t=1063
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "Paul Mckenna" <(E-Mail Removed)> wrote in message news:EB1DC5EB-D1C7-43D2-943E-(E-Mail Removed)...
>
> Thanks for your quick response, It's my fault i posted the wrong error
> message.. The actual failure is
>
> User DOMAIN\Paul was denied access.
> Fully-Qualified-User-Name = domain.local/Technical/Paul Mckenna
> NAS-IP-Address = 192.168.100.126
> NAS-Identifier =
> Called-Station-Identifier = <not present>
> Calling-Station-Identifier = <not present>
> Client-Friendly-Name = 3com
> Client-IP-Address = 192.168.100.126
> NAS-Port-Type = Wireless - IEEE 802.11
> NAS-Port = 29
> Proxy-Policy-Name = Use Windows authentication for all users
> Authentication-Provider = Windows
> Authentication-Server = <undetermined>
> Policy-Name = VPN
> Authentication-Type = EAP
> EAP-Type = <undetermined>
> Reason-Code = 22
> Reason = The client could not be authenticated because the Extensible
> Authentication Protocol (EAP) Type cannot be processed by the server.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> It seems to be that Vista is sending that it wants to use EAP even though
> it's configured to use PEAP.
>
> "Robert L [MVP - Networking]" wrote:
>
> > I would double check the remote Access Policy. This post may help,
> >
> > IAS Reason-Code = 65
> >
> > http://www.chicagotech.net/netforums...hp?p=1711#1711
> >
> >
> > Bob Lin, MS-MVP, MCSE & CNE
> > Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> > How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> > "Paul Mckenna" <(E-Mail Removed)> wrote in message news:CB717348-F026-42B2-BED0-(E-Mail Removed)...
> > Hi,
> >
> > I've got a problem with Vista not connecting to our wireless network,
> > Everything works great with XP but on Vista although Vista is configured to
> > use PEAP i get this error message on the server when the Vista PC try to
> > connect...
> >
> > User host/Paul07.domain.local was denied access.
> > Fully-Qualified-User-Name = domain.local/Computers/PAUL07
> > NAS-IP-Address = 192.168.100.126
> > NAS-Identifier =
> > Called-Station-Identifier = <not present>
> > Calling-Station-Identifier = <not present>
> > Client-Friendly-Name = 3com
> > Client-IP-Address = 192.168.100.126
> > NAS-Port-Type = Wireless - IEEE 802.11
> > NAS-Port = 29
> > Proxy-Policy-Name = Use Windows authentication for all users
> > Authentication-Provider = Windows
> > Authentication-Server = <undetermined>
> > Policy-Name = Connections to other access servers
> > Authentication-Type = EAP
> > EAP-Type = <undetermined>
> > Reason-Code = 65
> > Reason = The connection attempt failed because remote access permission for
> > the user account was denied. To allow remote access, enable remote access
> > permission for the user account, or, if the user account specifies that
> > access is controlled through the matching remote access policy, enable remote
> > access permission for that remote access policy.
> >
> > For more information, see Help and Support Center at
> > http://go.microsoft.com/fwlink/events.asp.
> >
> > At the moment IAS is only configured to accept PEAP authentication, If i
> > enable EAP (Which i don't want to use) i get this message..
> >
> > Because no certificate has been configured for clients dialing in with
> > EAP-TLS, a default certificate is being sent to user domain\paul. Please go
> > to the user's Remote Access Policy and configure the Extensible
> > Authentication Protocol (EAP).
> >
> > Like i say Vista is configured to PEAP but for some reason seems to be
> > sending info that it wants to use EAP-TLS
> >
> > What am i doing wrong?
> >
> > Thanks in advance for any help

Hello Paul,

Thank you for using newsgroup!

From your post, I'd like to suggest you try to reduce the EAP packet size
of a Remote Authentication Dial-In User Service (RADIUS) server. You can do
this by using the Framed-MTU attribute in Internet Authentication Services
(IAS) of a Microsoft Windows Server 2003-based computer. For more detailed
steps, please refer to:
883389: How to reduce the EAP packet size by using the Framed MTU attribute
in Windows Server 2003
http://support.microsoft.com/default...b;EN-US;883389

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
================================================== ==
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
================================================== ==
This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
| Thread-Topic: Vista wireless using IAS and WPA-Enterprise
| thread-index: AcfH9YDU6jOQn/+xSL2/iOe7lK2ZoQ==
| X-WBNR-Posting-Host: 207.46.193.207
| From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <(E-Mail Removed)>
| References: <CB717348-F026-42B2-BED0-(E-Mail Removed)>
<(E-Mail Removed)>
<EB1DC5EB-D1C7-43D2-943E-(E-Mail Removed)>
<uE4PtN$(E-Mail Removed)>
| Subject: Re: Vista wireless using IAS and WPA-Enterprise
| Date: Mon, 16 Jul 2007 15:06:04 -0700
| Lines: 115
| Message-ID: <44117B87-F9C9-40F4-9597-(E-Mail Removed)>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| Newsgroups: microsoft.public.windows.server.networking
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.networking:5812
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.networking
|
| again I Appreciate your response but this works with XP, XP sends the
message
| to IAS that it wants to use PEAP authentication where as Vista sends the
| message to use EAP (which is not configured and is not something i want
to
| use) even though Vista is configured to use PEAP.
| So although these error message will probably help with someone who wants
to
| use EAP-TLS without having properly configured it. They don't really shed
any
| light on my problem.
|
| Thnaks again
|
| Regards
| Paul
|
|
| "Robert L [MVP - Networking]" wrote:
|
| > Or this post:.
| >
| > IAS Reason-Code = 22 and 97
| > http://chicagotech.net/netforums/viewtopic.php?t=1063
| >
| > Bob Lin, MS-MVP, MCSE & CNE
| > Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
| > How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
| > "Paul Mckenna" <(E-Mail Removed)> wrote in message
news:EB1DC5EB-D1C7-43D2-943E-(E-Mail Removed)...
| >
| > Thanks for your quick response, It's my fault i posted the wrong
error
| > message.. The actual failure is
| >
| > User DOMAIN\Paul was denied access.
| > Fully-Qualified-User-Name = domain.local/Technical/Paul Mckenna
| > NAS-IP-Address = 192.168.100.126
| > NAS-Identifier =
| > Called-Station-Identifier = <not present>
| > Calling-Station-Identifier = <not present>
| > Client-Friendly-Name = 3com
| > Client-IP-Address = 192.168.100.126
| > NAS-Port-Type = Wireless - IEEE 802.11
| > NAS-Port = 29
| > Proxy-Policy-Name = Use Windows authentication for all users
| > Authentication-Provider = Windows
| > Authentication-Server = <undetermined>
| > Policy-Name = VPN
| > Authentication-Type = EAP
| > EAP-Type = <undetermined>
| > Reason-Code = 22
| > Reason = The client could not be authenticated because the
Extensible
| > Authentication Protocol (EAP) Type cannot be processed by the server.
| >
| > For more information, see Help and Support Center at
| > http://go.microsoft.com/fwlink/events.asp.
| >
| > It seems to be that Vista is sending that it wants to use EAP even
though
| > it's configured to use PEAP.
| >
| > "Robert L [MVP - Networking]" wrote:
| >
| > > I would double check the remote Access Policy. This post may help,
| > >
| > > IAS Reason-Code = 65
| > >
| > > http://www.chicagotech.net/netforums...hp?p=1711#1711
| > >
| > >
| > > Bob Lin, MS-MVP, MCSE & CNE
| > > Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
| > > How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
| > > "Paul Mckenna" <(E-Mail Removed)> wrote in message
news:CB717348-F026-42B2-BED0-(E-Mail Removed)...
| > > Hi,
| > >
| > > I've got a problem with Vista not connecting to our wireless
network,
| > > Everything works great with XP but on Vista although Vista is
configured to
| > > use PEAP i get this error message on the server when the Vista PC
try to
| > > connect...
| > >
| > > User host/Paul07.domain.local was denied access.
| > > Fully-Qualified-User-Name = domain.local/Computers/PAUL07
| > > NAS-IP-Address = 192.168.100.126
| > > NAS-Identifier =
| > > Called-Station-Identifier = <not present>
| > > Calling-Station-Identifier = <not present>
| > > Client-Friendly-Name = 3com
| > > Client-IP-Address = 192.168.100.126
| > > NAS-Port-Type = Wireless - IEEE 802.11
| > > NAS-Port = 29
| > > Proxy-Policy-Name = Use Windows authentication for all users
| > > Authentication-Provider = Windows
| > > Authentication-Server = <undetermined>
| > > Policy-Name = Connections to other access servers
| > > Authentication-Type = EAP
| > > EAP-Type = <undetermined>
| > > Reason-Code = 65
| > > Reason = The connection attempt failed because remote access
permission for
| > > the user account was denied. To allow remote access, enable
remote access
| > > permission for the user account, or, if the user account
specifies that
| > > access is controlled through the matching remote access policy,
enable remote
| > > access permission for that remote access policy.
| > >
| > > For more information, see Help and Support Center at
| > > http://go.microsoft.com/fwlink/events.asp.
| > >
| > > At the moment IAS is only configured to accept PEAP
authentication, If i
| > > enable EAP (Which i don't want to use) i get this message..
| > >
| > > Because no certificate has been configured for clients dialing in
with
| > > EAP-TLS, a default certificate is being sent to user domain\paul.
Please go
| > > to the user's Remote Access Policy and configure the Extensible
| > > Authentication Protocol (EAP).
| > >
| > > Like i say Vista is configured to PEAP but for some reason seems
to be
| > > sending info that it wants to use EAP-TLS
| > >
| > > What am i doing wrong?
| > >
| > > Thanks in advance for any help
|

Hi,

Thanks for your suggestion I've tried this and it makes no difference, I
tried setting it to various numbers 1344,1000,64,128 none made any
difference. I have since found out that using another make Access Point
rather than 3Com and Vista will connect but all 3Com acccess points i've
tried work fine with XP but not with Vista.

I'm not sure what else to try.

Regards
Paul Mckenna

""Ken Zhao [MSFT]"" wrote:

> Hello Paul,
>
> Thank you for using newsgroup!
>
> From your post, I'd like to suggest you try to reduce the EAP packet size
> of a Remote Authentication Dial-In User Service (RADIUS) server. You can do
> this by using the Framed-MTU attribute in Internet Authentication Services
> (IAS) of a Microsoft Windows Server 2003-based computer. For more detailed
> steps, please refer to:
> 883389: How to reduce the EAP packet size by using the Framed MTU attribute
> in Windows Server 2003
> http://support.microsoft.com/default...b;EN-US;883389
>
> Thanks & Regards,
>
> Ken Zhao
>
> Microsoft Online Support
> Microsoft Global Technical Support Center
>
> Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
> ================================================== ==
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ================================================== ==
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>
>
>
> --------------------
> | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
> | thread-index: AcfH9YDU6jOQn/+xSL2/iOe7lK2ZoQ==
> | X-WBNR-Posting-Host: 207.46.193.207
> | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <(E-Mail Removed)>
> | References: <CB717348-F026-42B2-BED0-(E-Mail Removed)>
> <(E-Mail Removed)>
> <EB1DC5EB-D1C7-43D2-943E-(E-Mail Removed)>
> <uE4PtN$(E-Mail Removed)>
> | Subject: Re: Vista wireless using IAS and WPA-Enterprise
> | Date: Mon, 16 Jul 2007 15:06:04 -0700
> | Lines: 115
> | Message-ID: <44117B87-F9C9-40F4-9597-(E-Mail Removed)>
> | MIME-Version: 1.0
> | Content-Type: text/plain;
> | charset="Utf-8"
> | Content-Transfer-Encoding: 7bit
> | X-Newsreader: Microsoft CDO for Windows 2000
> | Content-Class: urn:content-classes:message
> | Importance: normal
> | Priority: normal
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
> | Newsgroups: microsoft.public.windows.server.networking
> | Path: TK2MSFTNGHUB02.phx.gbl
> | Xref: TK2MSFTNGHUB02.phx.gbl
> microsoft.public.windows.server.networking:5812
> | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
> | X-Tomcat-NG: microsoft.public.windows.server.networking
> |
> | again I Appreciate your response but this works with XP, XP sends the
> message
> | to IAS that it wants to use PEAP authentication where as Vista sends the
> | message to use EAP (which is not configured and is not something i want
> to
> | use) even though Vista is configured to use PEAP.
> | So although these error message will probably help with someone who wants
> to
> | use EAP-TLS without having properly configured it. They don't really shed
> any
> | light on my problem.
> |
> | Thnaks again
> |
> | Regards
> | Paul
> |
> |
> | "Robert L [MVP - Networking]" wrote:
> |
> | > Or this post:.
> | >
> | > IAS Reason-Code = 22 and 97
> | > http://chicagotech.net/netforums/viewtopic.php?t=1063
> | >
> | > Bob Lin, MS-MVP, MCSE & CNE
> | > Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> | > How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
> | > "Paul Mckenna" <(E-Mail Removed)> wrote in message
> news:EB1DC5EB-D1C7-43D2-943E-(E-Mail Removed)...
> | >
> | > Thanks for your quick response, It's my fault i posted the wrong
> error
> | > message.. The actual failure is
> | >
> | > User DOMAIN\Paul was denied access.
> | > Fully-Qualified-User-Name = domain.local/Technical/Paul Mckenna
> | > NAS-IP-Address = 192.168.100.126
> | > NAS-Identifier =
> | > Called-Station-Identifier = <not present>
> | > Calling-Station-Identifier = <not present>
> | > Client-Friendly-Name = 3com
> | > Client-IP-Address = 192.168.100.126
> | > NAS-Port-Type = Wireless - IEEE 802.11
> | > NAS-Port = 29
> | > Proxy-Policy-Name = Use Windows authentication for all users
> | > Authentication-Provider = Windows
> | > Authentication-Server = <undetermined>
> | > Policy-Name = VPN
> | > Authentication-Type = EAP
> | > EAP-Type = <undetermined>
> | > Reason-Code = 22
> | > Reason = The client could not be authenticated because the
> Extensible
> | > Authentication Protocol (EAP) Type cannot be processed by the server.
> | >
> | > For more information, see Help and Support Center at
> | > http://go.microsoft.com/fwlink/events.asp.
> | >
> | > It seems to be that Vista is sending that it wants to use EAP even
> though
> | > it's configured to use PEAP.
> | >
> | > "Robert L [MVP - Networking]" wrote:
> | >
> | > > I would double check the remote Access Policy. This post may help,
> | > >
> | > > IAS Reason-Code = 65
> | > >
> | > > http://www.chicagotech.net/netforums...hp?p=1711#1711
> | > >
> | > >
> | > > Bob Lin, MS-MVP, MCSE & CNE
> | > > Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> | > > How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
> | > > "Paul Mckenna" <(E-Mail Removed)> wrote in message
> news:CB717348-F026-42B2-BED0-(E-Mail Removed)...
> | > > Hi,
> | > >
> | > > I've got a problem with Vista not connecting to our wireless
> network,
> | > > Everything works great with XP but on Vista although Vista is
> configured to
> | > > use PEAP i get this error message on the server when the Vista PC
> try to
> | > > connect...
> | > >
> | > > User host/Paul07.domain.local was denied access.
> | > > Fully-Qualified-User-Name = domain.local/Computers/PAUL07
> | > > NAS-IP-Address = 192.168.100.126
> | > > NAS-Identifier =
> | > > Called-Station-Identifier = <not present>
> | > > Calling-Station-Identifier = <not present>
> | > > Client-Friendly-Name = 3com
> | > > Client-IP-Address = 192.168.100.126
> | > > NAS-Port-Type = Wireless - IEEE 802.11
> | > > NAS-Port = 29
> | > > Proxy-Policy-Name = Use Windows authentication for all users
> | > > Authentication-Provider = Windows
> | > > Authentication-Server = <undetermined>
> | > > Policy-Name = Connections to other access servers
> | > > Authentication-Type = EAP
> | > > EAP-Type = <undetermined>
> | > > Reason-Code = 65
> | > > Reason = The connection attempt failed because remote access
> permission for
> | > > the user account was denied. To allow remote access, enable
> remote access
> | > > permission for the user account, or, if the user account
> specifies that
> | > > access is controlled through the matching remote access policy,
> enable remote
> | > > access permission for that remote access policy.
> | > >
> | > > For more information, see Help and Support Center at
> | > > http://go.microsoft.com/fwlink/events.asp.
> | > >
> | > > At the moment IAS is only configured to accept PEAP
> authentication, If i
> | > > enable EAP (Which i don't want to use) i get this message..
> | > >
> | > > Because no certificate has been configured for clients dialing in
> with
> | > > EAP-TLS, a default certificate is being sent to user domain\paul.
> Please go
> | > > to the user's Remote Access Policy and configure the Extensible
> | > > Authentication Protocol (EAP).
> | > >
> | > > Like i say Vista is configured to PEAP but for some reason seems
> to be
> | > > sending info that it wants to use EAP-TLS
> | > >
> | > > What am i doing wrong?
> | > >
> | > > Thanks in advance for any help
> |
>
>

Hi Paul,

Based on my research, if the problem only occurs on Windows Vista machines,
I suggest you perform the following steps on the Vista machines:

1£®Click Start , click All Programs, click Accessories, and then click
Command Prompt.
2£®At the command prompt, type the following command, and then press ENTER:
netsh interface tcp set global autotuninglevel=disabled
This command disables the Receive Window Auto-Tuning feature.
3£®Try to make a non-HTTP network connection.
Note: If the connectivity problem is resolved, contact the manufacturer of
the firewall device for steps to correct the issue.
4£®At a command prompt, type the following command, and then press ENTER:
netsh interface tcp set global autotuninglevel=normal
This command enables Receive Window Auto-Tuning again so that you can take
advantage of the network throughput performance increase it provides.

Also I found there are new KB articles already described for this issue and
give the workaround.
934430: Network connectivity may fail when you try to use Windows Vista
behind a firewall device
http://support.microsoft.com/kb/934430

929868: A Web site sends data very slowly or drops the data completely when
you use Windows Vista Enterprise
http://support.microsoft.com/kb/929868

935400: It takes a very long time to download an e-mail message from a POP3
server in Outlook 2007
http://support.microsoft.com/kb/935400

Hope that helps!

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
================================================== ==
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
================================================== ==
This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
| Thread-Topic: Vista wireless using IAS and WPA-Enterprise
| thread-index: AcfIWYuctoKjZd5iSS+80+2oiJEvyg==
| X-WBNR-Posting-Host: 207.46.19.197
| From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <(E-Mail Removed)>
| References: <CB717348-F026-42B2-BED0-(E-Mail Removed)>
<(E-Mail Removed)>
<EB1DC5EB-D1C7-43D2-943E-(E-Mail Removed)>
<uE4PtN$(E-Mail Removed)>
<44117B87-F9C9-40F4-9597-(E-Mail Removed)>
<i#(E-Mail Removed)>
| Subject: Re: Vista wireless using IAS and WPA-Enterprise
| Date: Tue, 17 Jul 2007 03:02:12 -0700
| Lines: 217
| Message-ID: <5ED8C7EE-1A2C-42BE-BB12-(E-Mail Removed)>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| Newsgroups: microsoft.public.windows.server.networking
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.networking:5830
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.networking
|
| Hi,
|
| Thanks for your suggestion I've tried this and it makes no difference, I
| tried setting it to various numbers 1344,1000,64,128 none made any
| difference. I have since found out that using another make Access Point
| rather than 3Com and Vista will connect but all 3Com acccess points i've
| tried work fine with XP but not with Vista.
|
| I'm not sure what else to try.
|
| Regards
| Paul Mckenna
|
| ""Ken Zhao [MSFT]"" wrote:
|
| > Hello Paul,
| >
| > Thank you for using newsgroup!
| >
| > From your post, I'd like to suggest you try to reduce the EAP packet
size
| > of a Remote Authentication Dial-In User Service (RADIUS) server. You
can do
| > this by using the Framed-MTU attribute in Internet Authentication
Services
| > (IAS) of a Microsoft Windows Server 2003-based computer. For more
detailed
| > steps, please refer to:
| > 883389: How to reduce the EAP packet size by using the Framed MTU
attribute
| > in Windows Server 2003
| > http://support.microsoft.com/default...b;EN-US;883389
| >
| > Thanks & Regards,
| >
| > Ken Zhao
| >
| > Microsoft Online Support
| > Microsoft Global Technical Support Center
| >
| > Get Secure! - www.microsoft.com/security
<http://www.microsoft.com/security>
| > ================================================== ==
| > When responding to posts, please "Reply to Group" via your newsreader
so
| > that others may learn and benefit from your issue.
| > ================================================== ==
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| >
| >
| >
| >
| > --------------------
| > | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
| > | thread-index: AcfH9YDU6jOQn/+xSL2/iOe7lK2ZoQ==
| > | X-WBNR-Posting-Host: 207.46.193.207
| > | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <(E-Mail Removed)>
| > | References: <CB717348-F026-42B2-BED0-(E-Mail Removed)>
| > <(E-Mail Removed)>
| > <EB1DC5EB-D1C7-43D2-943E-(E-Mail Removed)>
| > <uE4PtN$(E-Mail Removed)>
| > | Subject: Re: Vista wireless using IAS and WPA-Enterprise
| > | Date: Mon, 16 Jul 2007 15:06:04 -0700
| > | Lines: 115
| > | Message-ID: <44117B87-F9C9-40F4-9597-(E-Mail Removed)>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
| > | Newsgroups: microsoft.public.windows.server.networking
| > | Path: TK2MSFTNGHUB02.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl
| > microsoft.public.windows.server.networking:5812
| > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| > | X-Tomcat-NG: microsoft.public.windows.server.networking
| > |
| > | again I Appreciate your response but this works with XP, XP sends the
| > message
| > | to IAS that it wants to use PEAP authentication where as Vista sends
the
| > | message to use EAP (which is not configured and is not something i
want
| > to
| > | use) even though Vista is configured to use PEAP.
| > | So although these error message will probably help with someone who
wants
| > to
| > | use EAP-TLS without having properly configured it. They don't really
shed
| > any
| > | light on my problem.
| > |
| > | Thnaks again
| > |
| > | Regards
| > | Paul
| > |
| > |
| > | "Robert L [MVP - Networking]" wrote:
| > |
| > | > Or this post:.
| > | >
| > | > IAS Reason-Code = 22 and 97
| > | > http://chicagotech.net/netforums/viewtopic.php?t=1063
| > | >
| > | > Bob Lin, MS-MVP, MCSE & CNE
| > | > Networking, Internet, Routing, VPN Troubleshooting on
| > http://www.ChicagoTech.net
| > | > How to Setup Windows, Network, VPN & Remote Access on
| > http://www.HowToNetworking.com
| > | > "Paul Mckenna" <(E-Mail Removed)> wrote in message
| > news:EB1DC5EB-D1C7-43D2-943E-(E-Mail Removed)...
| > | >
| > | > Thanks for your quick response, It's my fault i posted the wrong
| > error
| > | > message.. The actual failure is
| > | >
| > | > User DOMAIN\Paul was denied access.
| > | > Fully-Qualified-User-Name = domain.local/Technical/Paul Mckenna
| > | > NAS-IP-Address = 192.168.100.126
| > | > NAS-Identifier =
| > | > Called-Station-Identifier = <not present>
| > | > Calling-Station-Identifier = <not present>
| > | > Client-Friendly-Name = 3com
| > | > Client-IP-Address = 192.168.100.126
| > | > NAS-Port-Type = Wireless - IEEE 802.11
| > | > NAS-Port = 29
| > | > Proxy-Policy-Name = Use Windows authentication for all users
| > | > Authentication-Provider = Windows
| > | > Authentication-Server = <undetermined>
| > | > Policy-Name = VPN
| > | > Authentication-Type = EAP
| > | > EAP-Type = <undetermined>
| > | > Reason-Code = 22
| > | > Reason = The client could not be authenticated because the
| > Extensible
| > | > Authentication Protocol (EAP) Type cannot be processed by the
server.
| > | >
| > | > For more information, see Help and Support Center at
| > | > http://go.microsoft.com/fwlink/events.asp.
| > | >
| > | > It seems to be that Vista is sending that it wants to use EAP
even
| > though
| > | > it's configured to use PEAP.
| > | >
| > | > "Robert L [MVP - Networking]" wrote:
| > | >
| > | > > I would double check the remote Access Policy. This post may
help,
| > | > >
| > | > > IAS Reason-Code = 65
| > | > >
| > | > > http://www.chicagotech.net/netforums...hp?p=1711#1711
| > | > >
| > | > >
| > | > > Bob Lin, MS-MVP, MCSE & CNE
| > | > > Networking, Internet, Routing, VPN Troubleshooting on
| > http://www.ChicagoTech.net
| > | > > How to Setup Windows, Network, VPN & Remote Access on
| > http://www.HowToNetworking.com
| > | > > "Paul Mckenna" <(E-Mail Removed)> wrote in message
| > news:CB717348-F026-42B2-BED0-(E-Mail Removed)...
| > | > > Hi,
| > | > >
| > | > > I've got a problem with Vista not connecting to our wireless
| > network,
| > | > > Everything works great with XP but on Vista although Vista is
| > configured to
| > | > > use PEAP i get this error message on the server when the
Vista PC
| > try to
| > | > > connect...
| > | > >
| > | > > User host/Paul07.domain.local was denied access.
| > | > > Fully-Qualified-User-Name = domain.local/Computers/PAUL07
| > | > > NAS-IP-Address = 192.168.100.126
| > | > > NAS-Identifier =
| > | > > Called-Station-Identifier = <not present>
| > | > > Calling-Station-Identifier = <not present>
| > | > > Client-Friendly-Name = 3com
| > | > > Client-IP-Address = 192.168.100.126
| > | > > NAS-Port-Type = Wireless - IEEE 802.11
| > | > > NAS-Port = 29
| > | > > Proxy-Policy-Name = Use Windows authentication for all users
| > | > > Authentication-Provider = Windows
| > | > > Authentication-Server = <undetermined>
| > | > > Policy-Name = Connections to other access servers
| > | > > Authentication-Type = EAP
| > | > > EAP-Type = <undetermined>
| > | > > Reason-Code = 65
| > | > > Reason = The connection attempt failed because remote access
| > permission for
| > | > > the user account was denied. To allow remote access, enable
| > remote access
| > | > > permission for the user account, or, if the user account
| > specifies that
| > | > > access is controlled through the matching remote access
policy,
| > enable remote
| > | > > access permission for that remote access policy.
| > | > >
| > | > > For more information, see Help and Support Center at
| > | > > http://go.microsoft.com/fwlink/events.asp.
| > | > >
| > | > > At the moment IAS is only configured to accept PEAP
| > authentication, If i
| > | > > enable EAP (Which i don't want to use) i get this message..
| > | > >
| > | > > Because no certificate has been configured for clients
dialing in
| > with
| > | > > EAP-TLS, a default certificate is being sent to user
domain\paul.
| > Please go
| > | > > to the user's Remote Access Policy and configure the
Extensible
| > | > > Authentication Protocol (EAP).
| > | > >
| > | > > Like i say Vista is configured to PEAP but for some reason
seems
| > to be
| > | > > sending info that it wants to use EAP-TLS
| > | > >
| > | > > What am i doing wrong?
| > | > >
| > | > > Thanks in advance for any help
| > |
| >
| >
|

Thanks for your suggestion.

I've tried turning off autotuninglevel on the Vista machines but with no
joy, I've also looked at the KB articles none of which seem to relate to the
problem i'm having but i've tried the suggestions, Still nothing.

Just to recap when using any 3Com Access Point with a windows Vista client
the 3com access point sends data to the IAS server to say it wants to use EAP
(even thought vista is configured to use PEAP) authentication, with an XP
client the 3com box sends it want to use PEAP authentication. If i enable
EAP-TLS authentication on IAS and install a user certificate on the Vista
machine and set Vista to use a certificate to log in, the connection works
but it's a lot of hassle maintaining and installing certificates for each
user, i would much rather use PEAP.

Regards
Paul Mckenna
""Ken Zhao [MSFT]"" wrote:

> Hi Paul,
>
> Based on my research, if the problem only occurs on Windows Vista machines,
> I suggest you perform the following steps on the Vista machines:
>
> 1£®Click Start , click All Programs, click Accessories, and then click
> Command Prompt.
> 2£®At the command prompt, type the following command, and then press ENTER:
> netsh interface tcp set global autotuninglevel=disabled
> This command disables the Receive Window Auto-Tuning feature.
> 3£®Try to make a non-HTTP network connection.
> Note: If the connectivity problem is resolved, contact the manufacturer of
> the firewall device for steps to correct the issue.
> 4£®At a command prompt, type the following command, and then press ENTER:
> netsh interface tcp set global autotuninglevel=normal
> This command enables Receive Window Auto-Tuning again so that you can take
> advantage of the network throughput performance increase it provides.
>
> Also I found there are new KB articles already described for this issue and
> give the workaround.
> 934430: Network connectivity may fail when you try to use Windows Vista
> behind a firewall device
> http://support.microsoft.com/kb/934430
>
> 929868: A Web site sends data very slowly or drops the data completely when
> you use Windows Vista Enterprise
> http://support.microsoft.com/kb/929868
>
> 935400: It takes a very long time to download an e-mail message from a POP3
> server in Outlook 2007
> http://support.microsoft.com/kb/935400
>
> Hope that helps!
>
> Thanks & Regards,
>
> Ken Zhao
>
> Microsoft Online Support
> Microsoft Global Technical Support Center
>
> Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
> ================================================== ==
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ================================================== ==
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>
>
>
> --------------------
> | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
> | thread-index: AcfIWYuctoKjZd5iSS+80+2oiJEvyg==
> | X-WBNR-Posting-Host: 207.46.19.197
> | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <(E-Mail Removed)>
> | References: <CB717348-F026-42B2-BED0-(E-Mail Removed)>
> <(E-Mail Removed)>
> <EB1DC5EB-D1C7-43D2-943E-(E-Mail Removed)>
> <uE4PtN$(E-Mail Removed)>
> <44117B87-F9C9-40F4-9597-(E-Mail Removed)>
> <i#(E-Mail Removed)>
> | Subject: Re: Vista wireless using IAS and WPA-Enterprise
> | Date: Tue, 17 Jul 2007 03:02:12 -0700
> | Lines: 217
> | Message-ID: <5ED8C7EE-1A2C-42BE-BB12-(E-Mail Removed)>
> | MIME-Version: 1.0
> | Content-Type: text/plain;
> | charset="Utf-8"
> | Content-Transfer-Encoding: 7bit
> | X-Newsreader: Microsoft CDO for Windows 2000
> | Content-Class: urn:content-classes:message
> | Importance: normal
> | Priority: normal
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
> | Newsgroups: microsoft.public.windows.server.networking
> | Path: TK2MSFTNGHUB02.phx.gbl
> | Xref: TK2MSFTNGHUB02.phx.gbl
> microsoft.public.windows.server.networking:5830
> | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
> | X-Tomcat-NG: microsoft.public.windows.server.networking
> |
> | Hi,
> |
> | Thanks for your suggestion I've tried this and it makes no difference, I
> | tried setting it to various numbers 1344,1000,64,128 none made any
> | difference. I have since found out that using another make Access Point
> | rather than 3Com and Vista will connect but all 3Com acccess points i've
> | tried work fine with XP but not with Vista.
> |
> | I'm not sure what else to try.
> |
> | Regards
> | Paul Mckenna
> |
> | ""Ken Zhao [MSFT]"" wrote:
> |
> | > Hello Paul,
> | >
> | > Thank you for using newsgroup!
> | >
> | > From your post, I'd like to suggest you try to reduce the EAP packet
> size
> | > of a Remote Authentication Dial-In User Service (RADIUS) server. You
> can do
> | > this by using the Framed-MTU attribute in Internet Authentication
> Services
> | > (IAS) of a Microsoft Windows Server 2003-based computer. For more
> detailed
> | > steps, please refer to:
> | > 883389: How to reduce the EAP packet size by using the Framed MTU
> attribute
> | > in Windows Server 2003
> | > http://support.microsoft.com/default...b;EN-US;883389
> | >
> | > Thanks & Regards,
> | >
> | > Ken Zhao
> | >
> | > Microsoft Online Support
> | > Microsoft Global Technical Support Center
> | >
> | > Get Secure! - www.microsoft.com/security
> <http://www.microsoft.com/security>
> | > ================================================== ==
> | > When responding to posts, please "Reply to Group" via your newsreader
> so
> | > that others may learn and benefit from your issue.
> | > ================================================== ==
> | > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> | >
> | >
> | >
> | >
> | >
> | > --------------------
> | > | Thread-Topic: Vista wireless using IAS and WPA-Enterprise
> | > | thread-index: AcfH9YDU6jOQn/+xSL2/iOe7lK2ZoQ==
> | > | X-WBNR-Posting-Host: 207.46.193.207
> | > | From: =?Utf-8?B?UGF1bCBNY2tlbm5h?= <(E-Mail Removed)>
> | > | References: <CB717348-F026-42B2-BED0-(E-Mail Removed)>
> | > <(E-Mail Removed)>
> | > <EB1DC5EB-D1C7-43D2-943E-(E-Mail Removed)>
> | > <uE4PtN$(E-Mail Removed)>
> | > | Subject: Re: Vista wireless using IAS and WPA-Enterprise
> | > | Date: Mon, 16 Jul 2007 15:06:04 -0700
> | > | Lines: 115
> | > | Message-ID: <44117B87-F9C9-40F4-9597-(E-Mail Removed)>
> | > | MIME-Version: 1.0
> | > | Content-Type: text/plain;
> | > | charset="Utf-8"
> | > | Content-Transfer-Encoding: 7bit
> | > | X-Newsreader: Microsoft CDO for Windows 2000
> | > | Content-Class: urn:content-classes:message
> | > | Importance: normal
> | > | Priority: normal
> | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2826
> | > | Newsgroups: microsoft.public.windows.server.networking
> | > | Path: TK2MSFTNGHUB02.phx.gbl
> | > | Xref: TK2MSFTNGHUB02.phx.gbl
> | > microsoft.public.windows.server.networking:5812
> | > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
> | > | X-Tomcat-NG: microsoft.public.windows.server.networking
> | > |
> | > | again I Appreciate your response but this works with XP, XP sends the
> | > message
> | > | to IAS that it wants to use PEAP authentication where as Vista sends
> the
> | > | message to use EAP (which is not configured and is not something i
> want
> | > to
> | > | use) even though Vista is configured to use PEAP.
> | > | So although these error message will probably help with someone who
> wants
> | > to
> | > | use EAP-TLS without having properly configured it. They don't really
> shed
> | > any
> | > | light on my problem.
> | > |
> | > | Thnaks again
> | > |
> | > | Regards
> | > | Paul
> | > |
> | > |
> | > | "Robert L [MVP - Networking]" wrote:
> | > |
> | > | > Or this post:.
> | > | >
> | > | > IAS Reason-Code = 22 and 97
> | > | > http://chicagotech.net/netforums/viewtopic.php?t=1063
> | > | >
> | > | > Bob Lin, MS-MVP, MCSE & CNE
> | > | > Networking, Internet, Routing, VPN Troubleshooting on
> | > http://www.ChicagoTech.net
> | > | > How to Setup Windows, Network, VPN & Remote Access on
> | > http://www.HowToNetworking.com
> | > | > "Paul Mckenna" <(E-Mail Removed)> wrote in message
> | > news:EB1DC5EB-D1C7-43D2-943E-(E-Mail Removed)...
> | > | >
> | > | > Thanks for your quick response, It's my fault i posted the wrong
> | > error
> | > | > message.. The actual failure is
> | > | >
> | > | > User DOMAIN\Paul was denied access.
> | > | > Fully-Qualified-User-Name = domain.local/Technical/Paul Mckenna
> | > | > NAS-IP-Address = 192.168.100.126
> | > | > NAS-Identifier =
> | > | > Called-Station-Identifier = <not present>
> | > | > Calling-Station-Identifier = <not present>
> | > | > Client-Friendly-Name = 3com
> | > | > Client-IP-Address = 192.168.100.126
> | > | > NAS-Port-Type = Wireless - IEEE 802.11
> | > | > NAS-Port = 29
> | > | > Proxy-Policy-Name = Use Windows authentication for all users
> | > | > Authentication-Provider = Windows
> | > | > Authentication-Server = <undetermined>
> | > | > Policy-Name = VPN
> | > | > Authentication-Type = EAP
> | > | > EAP-Type = <undetermined>
> | > | > Reason-Code = 22
> | > | > Reason = The client could not be authenticated because the
> | > Extensible
> | > | > Authentication Protocol (EAP) Type cannot be processed by the
> server.
> | > | >
> | > | > For more information, see Help and Support Center at
> | > | > http://go.microsoft.com/fwlink/events.asp.
> | > | >
> | > | > It seems to be that Vista is sending that it wants to use EAP
> even
> | > though
> | > | > it's configured to use PEAP.
> | > | >
> | > | > "Robert L [MVP - Networking]" wrote:
> | > | >
> | > | > > I would double check the remote Access Policy. This post may
> help,
> | > | > >
> | > | > > IAS Reason-Code = 65
> | > | > >
> | > | > > http://www.chicagotech.net/netforums...hp?p=1711#1711
> | > | > >
> | > | > >
> | > | > > Bob Lin, MS-MVP, MCSE & CNE
> | > | > > Networking, Internet, Routing, VPN Troubleshooting on
> | > http://www.ChicagoTech.net
> | > | > > How to Setup Windows, Network, VPN & Remote Access on
> | > http://www.HowToNetworking.com
> | > | > > "Paul Mckenna" <(E-Mail Removed)> wrote in message
> | > news:CB717348-F026-42B2-BED0-(E-Mail Removed)...
> | > | > > Hi,
> | > | > >
> | > | > > I've got a problem with Vista not connecting to our wireless
> | > network,
> | > | > > Everything works great with XP but on Vista although Vista is
> | > configured to
> | > | > > use PEAP i get this error message on the server when the
> Vista PC
> | > try to
> | > | > > connect...
> | > | > >
> | > | > > User host/Paul07.domain.local was denied access.
> | > | > > Fully-Qualified-User-Name = domain.local/Computers/PAUL07
> | > | > > NAS-IP-Address = 192.168.100.126
> | > | > > NAS-Identifier =
> | > | > > Called-Station-Identifier = <not present>
> | > | > > Calling-Station-Identifier = <not present>
> | > | > > Client-Friendly-Name = 3com
> | > | > > Client-IP-Address = 192.168.100.126
> | > | > > NAS-Port-Type = Wireless - IEEE 802.11
> | > | > > NAS-Port = 29
> | > | > > Proxy-Policy-Name = Use Windows authentication for all users
> | > | > > Authentication-Provider = Windows
> | > | > > Authentication-Server = <undetermined>
> | > | > > Policy-Name = Connections to other access servers
> | > | > > Authentication-Type = EAP
> | > | > > EAP-Type = <undetermined>
> | > | > > Reason-Code = 65
> | > | > > Reason = The connection attempt failed because remote access
> | > permission for
> | > | > > the user account was denied. To allow remote access, enable
> | > remote access
> | > | > > permission for the user account, or, if the user account
> | > specifies that
> | > | > > access is controlled through the matching remote access
> policy,
> | > enable remote
> | > | > > access permission for that remote access policy.
> | > | > >
> | > | > > For more information, see Help and Support Center at
> | > | > > http://go.microsoft.com/fwlink/events.asp.
> | > | > >
> | > | > > At the moment IAS is only configured to accept PEAP
> | > authentication, If i
> | > | > > enable EAP (Which i don't want to use) i get this message..
> | > | > >