Hi
I have a problem authenticating clients and users on my network with Windows
Server 2008 Network Policy Server.
I have 1 server running Windows Server 2008 Datacenter (192.168.23.1;
Computer name is PROXIMA) with:
Active Directory (Primary Domain Controller)
DNS
DHCP (Scope: 192.168.23.x; Subnet: 255.255.255.0)
NPS
Routing and Remote Access - VPN and NAT server
My client computers are running Windows Vista Ultimate (Computer names MARS
and VULPECULA).
I have 2 Connection Request Policies in Network Policy Server:
* Microsoft Routing and Remote Access Service Policy - Enabled - Order: 1 -
Source: Remote Access Server (VPN-Dial up)
* Use Windows authentication for all users - Enabled - Order: 100000 -
Source: Unspecified
My clients cannot get any connection with the server when the Use Windows
authentication for all users policy is set to the following:
Forwarding Connection Request: Authentication is set to Authenticate
requests on this server.
In the event viewer I get the following message:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 5/24/2008 9:56:51 AM
Event ID: 6273
Task Category: Network Policy Server
Level: Information
Keywords: Audit Failure
User: N/A
Computer: PROXIMA.ecmatech.local
Description:
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: NULL SID
Account Name: -
Account Domain: -
Fully Qualified Account Name: -
Client Machine:
Security ID: NULL SID
Account Name: MARS
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 192.168.23.0
Calling Station Identifier: 000D8833BF40
NAS:
NAS IPv4 Address: 192.168.23.1
NAS IPv6 Address: -
NAS Identifier: PROXIMA
NAS Port-Type: Ethernet
NAS Port: -
RADIUS Client:
Client Friendly Name: -
Client IP Address: -
Authentication Details:
Proxy Policy Name: Use Windows authentication for all users
Network Policy Name: Connections to other access servers
Authentication Provider: Windows
Authentication Server: PROXIMA.ecmatech.local
Authentication Type: Unauthenticated
EAP Type: -
Account Session Identifier: 313637353439393838
Reason Code: 65
Reason: The connection attempt failed because network access permission
for the user account was denied. To allow network access, enable network
access permission for the user account, or, if the user account specifies
that access is controlled through the matching network policy, enable network
access permission for that network policy.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing"
Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>6273</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12552</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2008-05-24T07:56:51.515Z" />
<EventRecordID>439257</EventRecordID>
<Correlation />
<Execution ProcessID="640" ThreadID="1276" />
<Channel>Security</Channel>
<Computer>PROXIMA.ecmatech.local</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-0-0</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectDomainName">-</Data>
<Data Name="FullyQualifiedSubjectUserName">-</Data>
<Data Name="SubjectMachineSID">S-1-0-0</Data>
<Data Name="SubjectMachineName">MARS</Data>
<Data Name="FullyQualifiedSubjectMachineName">-</Data>
<Data Name="MachineInventory">-</Data>
<Data Name="CalledStationID">192.168.23.0</Data>
<Data Name="CallingStationID">000D8833BF40</Data>
<Data Name="NASIPv4Address">192.168.23.1</Data>
<Data Name="NASIPv6Address">-</Data>
<Data Name="NASIdentifier">PROXIMA</Data>
<Data Name="NASPortType">Ethernet </Data>
<Data Name="NASPort">-</Data>
<Data Name="ClientName">-</Data>
<Data Name="ClientIPAddress">-</Data>
<Data Name="ProxyPolicyName">Use Windows authentication for all
users</Data>
<Data Name="NetworkPolicyName">Connections to other access servers</Data>
<Data Name="AuthenticationProvider">Windows </Data>
<Data Name="AuthenticationServer">PROXIMA.ecmatech.local </Data>
<Data Name="AuthenticationType">Unauthenticated </Data>
<Data Name="EAPType">-</Data>
<Data Name="AccountSessionIdentifier">313637353439393838 </Data>
<Data Name="ReasonCode">65</Data>
<Data Name="Reason">The connection attempt failed because network access
permission for the user account was denied. To allow network access, enable
network access permission for the user account, or, if the user account
specifies that access is controlled through the matching network policy,
enable network access permission for that network policy. </Data>
</EventData>
</Event>
If I change the Use Windows authentication for all users policy to:
Accept users without validating credentials
then it works fine.
Any help would be appreciated.
Thanks!
Edward
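The event quoted in the post carries the fields an NPS administrator needs for triage (matched network policy, authentication type, reason code) buried in Event XML. The script below is an added example, not code from the original post or from Microsoft: it parses a 6273 record in the schema shown above, pulls out those fields, flags the combination visible in this post (ReasonCode 65, AuthenticationType "Unauthenticated", a machine name but no user name), and tallies records by network policy and reason code so a run of denials can be grouped. The sample record is the one from the post, trimmed to the elements the script reads; the function names and the triage wording are this example's own choices.

```python
"""Triage Network Policy Server event 6273 (access denied) records.

Added example. Works on Event XML as exported by the Windows Event Viewer
or returned by Get-WinEvent; run it offline against the embedded sample.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# Namespace used by every Windows event record (see the <Event xmlns=...> tag).
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# EventData fields worth extracting from a 6273 record.
FIELDS = (
    "SubjectUserName", "SubjectMachineName", "CallingStationID",
    "NASIdentifier", "ProxyPolicyName", "NetworkPolicyName",
    "AuthenticationType", "EAPType", "ReasonCode", "Reason",
)

# Sample record: the event quoted in the post above, trimmed to the
# elements this script reads. NPS writes trailing spaces into some values
# ("Unauthenticated ", "Windows "), so parsing must strip them.
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" />
<EventID>6273</EventID>
<TimeCreated SystemTime="2008-05-24T07:56:51.515Z" />
<Channel>Security</Channel>
<Computer>PROXIMA.ecmatech.local</Computer>
</System>
<EventData>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectMachineName">MARS</Data>
<Data Name="CallingStationID">000D8833BF40</Data>
<Data Name="NASIdentifier">PROXIMA</Data>
<Data Name="ProxyPolicyName">Use Windows authentication for all users</Data>
<Data Name="NetworkPolicyName">Connections to other access servers</Data>
<Data Name="AuthenticationProvider">Windows </Data>
<Data Name="AuthenticationType">Unauthenticated </Data>
<Data Name="EAPType">-</Data>
<Data Name="ReasonCode">65</Data>
<Data Name="Reason">The connection attempt failed because network access permission for the user account was denied.</Data>
</EventData>
</Event>"""


def parse_6273(xml_text):
    """Return a dict of the triage fields from one 6273 Event XML record."""
    root = ET.fromstring(xml_text)
    event_id = root.findtext("e:System/e:EventID", namespaces=NS)
    if event_id != "6273":
        raise ValueError(f"not an NPS 6273 record (EventID={event_id})")
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.findall("e:EventData/e:Data", NS)}
    rec = {name: data.get(name, "-") for name in FIELDS}
    rec["TimeCreated"] = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    return rec


def triage(rec):
    """Observations an NPS admin would check first for this record."""
    notes = []
    if rec["ReasonCode"] == "65":
        notes.append("reason 65: network access permission denied, either by the "
                     f"matched network policy ({rec['NetworkPolicyName']}) or by the "
                     "account's dial-in setting")
    if rec["AuthenticationType"] == "Unauthenticated":
        notes.append("no credentials were validated (AuthenticationType is "
                     "Unauthenticated); the network policy alone decided the outcome")
    if rec["SubjectUserName"] == "-" and rec["SubjectMachineName"] != "-":
        notes.append(f"no user identity; only the machine name "
                     f"{rec['SubjectMachineName']} was presented")
    return notes


def summarize(records):
    """Count denials by (network policy, reason code) across many records."""
    return Counter((r["NetworkPolicyName"], r["ReasonCode"]) for r in records)


if __name__ == "__main__":
    record = parse_6273(SAMPLE_EVENT)
    for line in triage(record):
        print("-", line)
    print(summarize([record]))
```

To run this against a live server, export the Security log filtered on Event ID 6273 (or feed it `(Get-WinEvent -FilterHashtable @{LogName='Security'; Id=6273}).ToXml()` output, one record at a time) and pass each record to `parse_6273`; `summarize` then shows which network policy is producing the denials.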