Event viewer -> Custom Views\Server Roles\Network Policy and Access Services
Run CMD as administrator
Check if it's on
auditpol /get /subcategory:"Network Policy Server"
If it shows "no auditing" it's off
Switch it on (run CMD as admin)
auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
Check if it's on after running the command above - had an issue where it didn't switch on, not sure what the problem was; I was stopping/starting the NPS server around the same time.
Common issues
Confirm the IPs of the RADIUS clients are correct: double-check for any typos, and check both the name and the actual IP set
Confirm the shared secret matches on the client (Wi-Fi AP etc.) and server end (NPS server); often copying from a previous one will work fine.
Stop/Start NPS server after adding new RADIUS clients
Check the NPS logs as detailed above while trying the RADIUS connection
Run Wireshark on the NPS server to confirm the RADIUS request arrives
Saw an issue with a new zone directory the traffic.
Old ZD was working fine with RADIUS
Moved to new ZD and it's not working
We found the connection profile was not matching
Old one was matching on "Wireless - IEEE 802.11"
The new traffic was showing up as "VPN" for some reason
Added VPN to the connection policies and it was working so moved on.
Check the NAS ID on Wireshark packets coming in
Check the event log/auditing
Check if we can config the NAS ID on the ZD
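For the NAS ID and connection profile checks above, this added example (not part of the original notes) parses the raw bytes of a RADIUS packet and reports NAS-IP-Address, NAS-Identifier and NAS-Port-Type using the RFC 2865 attribute numbers. The sample packets, the names old-zd/new-zd and the address 192.0.2.10 are constructed, and treating RFC 2865 value 5 (Virtual) as what NPS matched as "VPN" is an assumption.

```python
import struct

# RFC 2865 attribute type numbers
ATTR_NAS_IP, ATTR_NAS_ID, ATTR_NAS_PORT_TYPE = 4, 32, 61
# RFC 2865 NAS-Port-Type values
PORT_TYPES = {5: "Virtual", 15: "Ethernet", 19: "Wireless - IEEE 802.11"}


def parse_radius_nas_fields(pkt: bytes) -> dict:
    """Extract the NAS attributes from a RADIUS packet (the UDP payload)."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 20 or length > len(pkt):
        raise ValueError("length field does not fit the captured bytes")
    out = {"code": code, "id": ident}
    pos = 20  # attributes start after code, id, length and authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = pkt[pos], pkt[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        value = pkt[pos + 2:pos + a_len]
        if a_type == ATTR_NAS_IP and len(value) == 4:
            out["nas_ip"] = ".".join(str(b) for b in value)
        elif a_type == ATTR_NAS_ID:
            out["nas_id"] = value.decode("utf-8", "replace")
        elif a_type == ATTR_NAS_PORT_TYPE and len(value) == 4:
            number = struct.unpack("!I", value)[0]
            out["nas_port_type"] = PORT_TYPES.get(number, f"type {number}")
        pos += a_len
    return out


def build_sample(nas_id: str, port_type: int) -> bytes:
    """Constructed Access-Request (code 1) for the demo, not a real capture."""
    attrs = bytes([ATTR_NAS_IP, 6, 192, 0, 2, 10])
    attrs += bytes([ATTR_NAS_ID, 2 + len(nas_id)]) + nas_id.encode()
    attrs += bytes([ATTR_NAS_PORT_TYPE, 6]) + struct.pack("!I", port_type)
    header = struct.pack("!BBH", 1, 42, 20 + len(attrs)) + bytes(16)
    return header + attrs


if __name__ == "__main__":
    # Hypothetical old and new controller: same client, different port type
    for name, port_type in (("old-zd", 19), ("new-zd", 5)):
        print(parse_radius_nas_fields(build_sample(name, port_type)))
```

To check a real request, copy the RADIUS layer from Wireshark as a hex stream and pass bytes.fromhex(...) of it to parse_radius_nas_fields.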
Server 2019 and Windows Firewall
sc sidtype IAS unrestricted
https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-firewalls-configure#windows-firewall-on-the-local-nps
Basically, by default the firewall on Windows Server 2019 blocks all the connections to NPS, and this command changes that.