Problem with setting up a Wireless network with Windows 2003 SP1

Discussion in 'Wireless Networking' started by Amit Zinman, Dec 13, 2005.

  1. Amit Zinman

    Amit Zinman Guest

    I've been trying to set up a wireless network with trendnet equipment,
    Windows 2003 SP1 and Windows XP SP2 clients with Firewall disabled.
    I setup IAS tried accessing the wireless network, I successfully connect but
    then get an error message "Unable to log on to the network".

    Any ideas?

    Amit
     
    Amit Zinman, Dec 13, 2005
    #1
    1. Advertising

  2. Hi Amit, check this:

    Your IAS is configured with a valid certificate type?
    If yes, is this certificate trusted by the client(XP SP2)?
    On IAS, RADIUS client is configured with "Request must contain the Message
    Authenticator Attribute?
    Dial-in permission is enabled to the user?
    The authentication type is enabled on your RADIUS policy profile EAP
    Methods? (PEAP or Smart Card/Certificates)
    Another username, that no more exists, was used before, with a succcessful
    logon?

    --------------------------------------
    Washington Moreira


    "Amit Zinman" <> wrote in message
    news:%23V6EOw$$...
    > I've been trying to set up a wireless network with trendnet equipment,
    > Windows 2003 SP1 and Windows XP SP2 clients with Firewall disabled.
    > I setup IAS tried accessing the wireless network, I successfully connect
    > but then get an error message "Unable to log on to the network".
    >
    > Any ideas?
    >
    > Amit
    >
     
    Washington Moreira, Dec 14, 2005
    #2
    1. Advertising

  3. Amit Zinman

    Amit Zinman Guest

    Answers inline

    "Washington Moreira" <> wrote in message
    news:...
    > Hi Amit, check this:
    >
    > Your IAS is configured with a valid certificate type?

    It is, obtained from the certificate authority

    > If yes, is this certificate trusted by the client(XP SP2)?


    How can I check this (all of our clients are XP SP2)

    > On IAS, RADIUS client is configured with "Request must contain the Message
    > Authenticator Attribute?


    Should it be?

    > Dial-in permission is enabled to the user?


    Yes
    > The authentication type is enabled on your RADIUS policy profile EAP
    > Methods? (PEAP or Smart Card/Certificates)


    I chose PEAP, is that correct?

    > Another username, that no more exists, was used before, with a succcessful
    > logon?


    No

    > --------------------------------------
    > Washington Moreira
    >
    >
    > "Amit Zinman" <> wrote in message
    > news:%23V6EOw$$...
    >> I've been trying to set up a wireless network with trendnet equipment,
    >> Windows 2003 SP1 and Windows XP SP2 clients with Firewall disabled.
    >> I setup IAS tried accessing the wireless network, I successfully connect
    >> but then get an error message "Unable to log on to the network".
    >>
    >> Any ideas?
    >>
    >> Amit
    >>

    >
    >
     
    Amit Zinman, Dec 14, 2005
    #3
  4. Hi Amit,

    Comments inline...

    >> Your IAS is configured with a valid certificate type?

    > It is, obtained from the certificate authority


    Certificates for EAP / PEAP-MS-CHAP V2 needs some requirements.
    http://www.microsoft.com/technet/pr...elp/d2a1ffaf-cc01-4e00-a92e-336923302a50.mspx
    http://www.microsoft.com/downloads/...3c-d2d9-408d-bd97-139afc60996b&DisplayLang=en


    >> If yes, is this certificate trusted by the client(XP SP2)?

    > How can I check this (all of our clients are XP SP2)


    If the certificate was obtained from a public certificate authority as
    VeriSign and it is the correct type, the certificate already is trusted by
    your XP SP2 machines. But you can look, by using the Certificates snap-in
    (with MMC), if the authority is inside the "Trusted Certificates
    Authorities" folder.

    >> On IAS, RADIUS client is configured with "Request must contain the
    >> Message Authenticator Attribute?

    > Should it be?


    With EAP/PEAP this is used by default. No matter, but I allways mark this
    check-box.

    >> Dial-in permission is enabled to the user?

    > Yes


    OK.

    >> The authentication type is enabled on your RADIUS policy profile EAP
    >> Methods? (PEAP or Smart Card/Certificates)

    >
    > I chose PEAP, is that correct?


    Yes, but confirm that the correct certificate is selected.

    >> Another username, that no more exists, was used before, with a
    >> succcessful logon?

    > No


    OK.

    If the certificate requirements is correct, can you enable tracing on your
    IAS server?

    netsh ras set tracing * enabled

    Then you can look for iassam.log and rastls.log to find more informations
    about what is going wrong.
    You'll find these log files on \systemdir\tracing.

    To disable tracing use:

    netsh ras set tracing * disabled

    Also you can find some informations on Event Viewer - System

    _____________________________
    Washington Moreira
     
    Washington Moreira, Dec 14, 2005
    #4
  5. Amit Zinman

    Amit Zinman Guest

    My certificate is not obtained from a public one. Would that matter? ALso,
    can I not implement security with just the password and no certificate?

    "Washington Moreira" <> wrote in message
    news:%...
    > Hi Amit,
    >
    > Comments inline...
    >
    >>> Your IAS is configured with a valid certificate type?

    >> It is, obtained from the certificate authority

    >
    > Certificates for EAP / PEAP-MS-CHAP V2 needs some requirements.
    > http://www.microsoft.com/technet/pr...elp/d2a1ffaf-cc01-4e00-a92e-336923302a50.mspx
    > http://www.microsoft.com/downloads/...3c-d2d9-408d-bd97-139afc60996b&DisplayLang=en
    >
    >
    >>> If yes, is this certificate trusted by the client(XP SP2)?

    >> How can I check this (all of our clients are XP SP2)

    >
    > If the certificate was obtained from a public certificate authority as
    > VeriSign and it is the correct type, the certificate already is trusted by
    > your XP SP2 machines. But you can look, by using the Certificates snap-in
    > (with MMC), if the authority is inside the "Trusted Certificates
    > Authorities" folder.
    >
    >>> On IAS, RADIUS client is configured with "Request must contain the
    >>> Message Authenticator Attribute?

    >> Should it be?

    >
    > With EAP/PEAP this is used by default. No matter, but I allways mark this
    > check-box.
    >
    >>> Dial-in permission is enabled to the user?

    >> Yes

    >
    > OK.
    >
    >>> The authentication type is enabled on your RADIUS policy profile EAP
    >>> Methods? (PEAP or Smart Card/Certificates)

    >>
    >> I chose PEAP, is that correct?

    >
    > Yes, but confirm that the correct certificate is selected.
    >
    >>> Another username, that no more exists, was used before, with a
    >>> succcessful logon?

    >> No

    >
    > OK.
    >
    > If the certificate requirements is correct, can you enable tracing on your
    > IAS server?
    >
    > netsh ras set tracing * enabled
    >
    > Then you can look for iassam.log and rastls.log to find more informations
    > about what is going wrong.
    > You'll find these log files on \systemdir\tracing.
    >
    > To disable tracing use:
    >
    > netsh ras set tracing * disabled
    >
    > Also you can find some informations on Event Viewer - System
    >
    > _____________________________
    > Washington Moreira
    >
     
    Amit Zinman, Dec 15, 2005
    #5
  6. Hi Amit,

    With PEAP, the RADIUS Server must authenticates with clients by using a
    certificate. PEAP negotiation occurs through a TLS tunnel.

    Your clients doesn't need certificates for PEAP, but could use if you want.
    But the certificate used by IAS, must be trusted by the clients.

    If your CA is a Windows 2003, you can issue a correct certificate for IAS.
    However, all clients not domain members, will need to install your CA
    certificate.

    If your CA is a W2K, you can generates a certificate template for IAS, by
    following the requirements.

    Washington Moreira.

    "Amit Zinman" <> wrote in message
    news:e%...
    >
    > My certificate is not obtained from a public one. Would that matter? ALso,
    > can I not implement security with just the password and no certificate?
    >
    > "Washington Moreira" <> wrote in message
    > news:%...
    >> Hi Amit,
    >>
    >> Comments inline...
    >>
    >>>> Your IAS is configured with a valid certificate type?
    >>> It is, obtained from the certificate authority

    >>
    >> Certificates for EAP / PEAP-MS-CHAP V2 needs some requirements.
    >> http://www.microsoft.com/technet/pr...elp/d2a1ffaf-cc01-4e00-a92e-336923302a50.mspx
    >> http://www.microsoft.com/downloads/...3c-d2d9-408d-bd97-139afc60996b&DisplayLang=en
    >>
    >>
    >>>> If yes, is this certificate trusted by the client(XP SP2)?
    >>> How can I check this (all of our clients are XP SP2)

    >>
    >> If the certificate was obtained from a public certificate authority as
    >> VeriSign and it is the correct type, the certificate already is trusted
    >> by your XP SP2 machines. But you can look, by using the Certificates
    >> snap-in (with MMC), if the authority is inside the "Trusted Certificates
    >> Authorities" folder.
    >>
    >>>> On IAS, RADIUS client is configured with "Request must contain the
    >>>> Message Authenticator Attribute?
    >>> Should it be?

    >>
    >> With EAP/PEAP this is used by default. No matter, but I allways mark
    >> this check-box.
    >>
    >>>> Dial-in permission is enabled to the user?
    >>> Yes

    >>
    >> OK.
    >>
    >>>> The authentication type is enabled on your RADIUS policy profile EAP
    >>>> Methods? (PEAP or Smart Card/Certificates)
    >>>
    >>> I chose PEAP, is that correct?

    >>
    >> Yes, but confirm that the correct certificate is selected.
    >>
    >>>> Another username, that no more exists, was used before, with a
    >>>> succcessful logon?
    >>> No

    >>
    >> OK.
    >>
    >> If the certificate requirements is correct, can you enable tracing on
    >> your IAS server?
    >>
    >> netsh ras set tracing * enabled
    >>
    >> Then you can look for iassam.log and rastls.log to find more informations
    >> about what is going wrong.
    >> You'll find these log files on \systemdir\tracing.
    >>
    >> To disable tracing use:
    >>
    >> netsh ras set tracing * disabled
    >>
    >> Also you can find some informations on Event Viewer - System
    >>
    >> _____________________________
    >> Washington Moreira
    >>

    >
    >
     
    Washington Moreira, Dec 15, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. dever

    2003 SP1 Wireless Zero-Config

    dever, Apr 9, 2005, in forum: Wireless Networking
    Replies:
    0
    Views:
    447
    dever
    Apr 9, 2005
  2. DaveW
    Replies:
    1
    Views:
    2,961
    Vivek
    Oct 6, 2005
  3. lord-morduk
    Replies:
    2
    Views:
    9,336
    Martin Bilgrav
    Apr 16, 2006
  4. =?Utf-8?B?YWtlaWlp?=

    Windows Server 2003x64 R2 ADPREP vs Windows Server 2003 SP1 DC

    =?Utf-8?B?YWtlaWlp?=, May 17, 2006, in forum: Windows 64bit
    Replies:
    12
    Views:
    1,743
    Charlie Russel - MVP
    Sep 20, 2007
  5. =?Utf-8?B?Um9i?=

    Windows 2003 Server 64bit / .net sp1 problem

    =?Utf-8?B?Um9i?=, Jun 1, 2006, in forum: Windows 64bit
    Replies:
    0
    Views:
    401
    =?Utf-8?B?Um9i?=
    Jun 1, 2006
Loading...

Share This Page