Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Wireless Networking > Problem with setting up a Wireless network with Windows 2003 SP1

Reply
Thread Tools

Problem with setting up a Wireless network with Windows 2003 SP1

 
 
Amit Zinman
Guest
Posts: n/a
 
      12-13-2005
I've been trying to set up a wireless network with trendnet equipment,
Windows 2003 SP1 and Windows XP SP2 clients with Firewall disabled.
I setup IAS tried accessing the wireless network, I successfully connect but
then get an error message "Unable to log on to the network".

Any ideas?

Amit


 
Reply With Quote
 
 
 
 
Washington Moreira
Guest
Posts: n/a
 
      12-14-2005
Hi Amit, check this:

Your IAS is configured with a valid certificate type?
If yes, is this certificate trusted by the client(XP SP2)?
On IAS, RADIUS client is configured with "Request must contain the Message
Authenticator Attribute?
Dial-in permission is enabled to the user?
The authentication type is enabled on your RADIUS policy profile EAP
Methods? (PEAP or Smart Card/Certificates)
Another username, that no more exists, was used before, with a succcessful
logon?

--------------------------------------
Washington Moreira


"Amit Zinman" <(E-Mail Removed)> wrote in message
news:%23V6EOw$$(E-Mail Removed)...
> I've been trying to set up a wireless network with trendnet equipment,
> Windows 2003 SP1 and Windows XP SP2 clients with Firewall disabled.
> I setup IAS tried accessing the wireless network, I successfully connect
> but then get an error message "Unable to log on to the network".
>
> Any ideas?
>
> Amit
>



 
Reply With Quote
 
 
 
 
Amit Zinman
Guest
Posts: n/a
 
      12-14-2005
Answers inline

"Washington Moreira" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Amit, check this:
>
> Your IAS is configured with a valid certificate type?

It is, obtained from the certificate authority

> If yes, is this certificate trusted by the client(XP SP2)?


How can I check this (all of our clients are XP SP2)

> On IAS, RADIUS client is configured with "Request must contain the Message
> Authenticator Attribute?


Should it be?

> Dial-in permission is enabled to the user?


Yes
> The authentication type is enabled on your RADIUS policy profile EAP
> Methods? (PEAP or Smart Card/Certificates)


I chose PEAP, is that correct?

> Another username, that no more exists, was used before, with a succcessful
> logon?


No

> --------------------------------------
> Washington Moreira
>
>
> "Amit Zinman" <(E-Mail Removed)> wrote in message
> news:%23V6EOw$$(E-Mail Removed)...
>> I've been trying to set up a wireless network with trendnet equipment,
>> Windows 2003 SP1 and Windows XP SP2 clients with Firewall disabled.
>> I setup IAS tried accessing the wireless network, I successfully connect
>> but then get an error message "Unable to log on to the network".
>>
>> Any ideas?
>>
>> Amit
>>

>
>



 
Reply With Quote
 
Washington Moreira
Guest
Posts: n/a
 
      12-14-2005
Hi Amit,

Comments inline...

>> Your IAS is configured with a valid certificate type?

> It is, obtained from the certificate authority


Certificates for EAP / PEAP-MS-CHAP V2 needs some requirements.
http://www.microsoft.com/technet/pro...923302a50.mspx
http://www.microsoft.com/downloads/d...DisplayLang=en


>> If yes, is this certificate trusted by the client(XP SP2)?

> How can I check this (all of our clients are XP SP2)


If the certificate was obtained from a public certificate authority as
VeriSign and it is the correct type, the certificate already is trusted by
your XP SP2 machines. But you can look, by using the Certificates snap-in
(with MMC), if the authority is inside the "Trusted Certificates
Authorities" folder.

>> On IAS, RADIUS client is configured with "Request must contain the
>> Message Authenticator Attribute?

> Should it be?


With EAP/PEAP this is used by default. No matter, but I allways mark this
check-box.

>> Dial-in permission is enabled to the user?

> Yes


OK.

>> The authentication type is enabled on your RADIUS policy profile EAP
>> Methods? (PEAP or Smart Card/Certificates)

>
> I chose PEAP, is that correct?


Yes, but confirm that the correct certificate is selected.

>> Another username, that no more exists, was used before, with a
>> succcessful logon?

> No


OK.

If the certificate requirements is correct, can you enable tracing on your
IAS server?

netsh ras set tracing * enabled

Then you can look for iassam.log and rastls.log to find more informations
about what is going wrong.
You'll find these log files on \systemdir\tracing.

To disable tracing use:

netsh ras set tracing * disabled

Also you can find some informations on Event Viewer - System

_____________________________
Washington Moreira


 
Reply With Quote
 
Amit Zinman
Guest
Posts: n/a
 
      12-15-2005

My certificate is not obtained from a public one. Would that matter? ALso,
can I not implement security with just the password and no certificate?

"Washington Moreira" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hi Amit,
>
> Comments inline...
>
>>> Your IAS is configured with a valid certificate type?

>> It is, obtained from the certificate authority

>
> Certificates for EAP / PEAP-MS-CHAP V2 needs some requirements.
> http://www.microsoft.com/technet/pro...923302a50.mspx
> http://www.microsoft.com/downloads/d...DisplayLang=en
>
>
>>> If yes, is this certificate trusted by the client(XP SP2)?

>> How can I check this (all of our clients are XP SP2)

>
> If the certificate was obtained from a public certificate authority as
> VeriSign and it is the correct type, the certificate already is trusted by
> your XP SP2 machines. But you can look, by using the Certificates snap-in
> (with MMC), if the authority is inside the "Trusted Certificates
> Authorities" folder.
>
>>> On IAS, RADIUS client is configured with "Request must contain the
>>> Message Authenticator Attribute?

>> Should it be?

>
> With EAP/PEAP this is used by default. No matter, but I allways mark this
> check-box.
>
>>> Dial-in permission is enabled to the user?

>> Yes

>
> OK.
>
>>> The authentication type is enabled on your RADIUS policy profile EAP
>>> Methods? (PEAP or Smart Card/Certificates)

>>
>> I chose PEAP, is that correct?

>
> Yes, but confirm that the correct certificate is selected.
>
>>> Another username, that no more exists, was used before, with a
>>> succcessful logon?

>> No

>
> OK.
>
> If the certificate requirements is correct, can you enable tracing on your
> IAS server?
>
> netsh ras set tracing * enabled
>
> Then you can look for iassam.log and rastls.log to find more informations
> about what is going wrong.
> You'll find these log files on \systemdir\tracing.
>
> To disable tracing use:
>
> netsh ras set tracing * disabled
>
> Also you can find some informations on Event Viewer - System
>
> _____________________________
> Washington Moreira
>



 
Reply With Quote
 
Washington Moreira
Guest
Posts: n/a
 
      12-15-2005
Hi Amit,

With PEAP, the RADIUS Server must authenticates with clients by using a
certificate. PEAP negotiation occurs through a TLS tunnel.

Your clients doesn't need certificates for PEAP, but could use if you want.
But the certificate used by IAS, must be trusted by the clients.

If your CA is a Windows 2003, you can issue a correct certificate for IAS.
However, all clients not domain members, will need to install your CA
certificate.

If your CA is a W2K, you can generates a certificate template for IAS, by
following the requirements.

Washington Moreira.

"Amit Zinman" <(E-Mail Removed)> wrote in message
news:e%(E-Mail Removed)...
>
> My certificate is not obtained from a public one. Would that matter? ALso,
> can I not implement security with just the password and no certificate?
>
> "Washington Moreira" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Hi Amit,
>>
>> Comments inline...
>>
>>>> Your IAS is configured with a valid certificate type?
>>> It is, obtained from the certificate authority

>>
>> Certificates for EAP / PEAP-MS-CHAP V2 needs some requirements.
>> http://www.microsoft.com/technet/pro...923302a50.mspx
>> http://www.microsoft.com/downloads/d...DisplayLang=en
>>
>>
>>>> If yes, is this certificate trusted by the client(XP SP2)?
>>> How can I check this (all of our clients are XP SP2)

>>
>> If the certificate was obtained from a public certificate authority as
>> VeriSign and it is the correct type, the certificate already is trusted
>> by your XP SP2 machines. But you can look, by using the Certificates
>> snap-in (with MMC), if the authority is inside the "Trusted Certificates
>> Authorities" folder.
>>
>>>> On IAS, RADIUS client is configured with "Request must contain the
>>>> Message Authenticator Attribute?
>>> Should it be?

>>
>> With EAP/PEAP this is used by default. No matter, but I allways mark
>> this check-box.
>>
>>>> Dial-in permission is enabled to the user?
>>> Yes

>>
>> OK.
>>
>>>> The authentication type is enabled on your RADIUS policy profile EAP
>>>> Methods? (PEAP or Smart Card/Certificates)
>>>
>>> I chose PEAP, is that correct?

>>
>> Yes, but confirm that the correct certificate is selected.
>>
>>>> Another username, that no more exists, was used before, with a
>>>> succcessful logon?
>>> No

>>
>> OK.
>>
>> If the certificate requirements is correct, can you enable tracing on
>> your IAS server?
>>
>> netsh ras set tracing * enabled
>>
>> Then you can look for iassam.log and rastls.log to find more informations
>> about what is going wrong.
>> You'll find these log files on \systemdir\tracing.
>>
>> To disable tracing use:
>>
>> netsh ras set tracing * disabled
>>
>> Also you can find some informations on Event Viewer - System
>>
>> _____________________________
>> Washington Moreira
>>

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows Server 2003x64 R2 ADPREP vs Windows Server 2003 SP1 DC =?Utf-8?B?YWtlaWlp?= Windows 64bit 12 09-20-2007 05:18 AM
troubles building python 2.5 on Windows XP x64 Windows Server 2003 sp1 Platform SDK bhochstetler@gmail.com Python 8 04-11-2007 10:45 PM
Server 2003 SP1 introduced "enableBestFitResponseEncoding" setting =?Utf-8?B?VG9yc3RlbiBTdHVybQ==?= ASP .Net 0 08-31-2005 12:57 PM
ASP.NET 1.1 VERSION ON WIN SERVER 2003 SP1 & VS 2003 Arch. =?Utf-8?B?RHIuIFBhdWwgQ2Flc2FyIC0gQ291bGxCeXRlIChVSykgTGltaXRlZA==?= ASP .Net 1 04-30-2005 02:33 PM
Windows Server 2003 SP1 and VS Studio 2003 installation program Jeremy Holt ASP .Net 0 04-01-2005 05:02 AM



Advertisments