Wireless connection fails to authenticate the client in RSA ACE/Agent 5.6 for Windows
Originally Published: 2004-07-22
Article Number
Applies To
RSA Security Extensible Authentication Protocol (EAP)
Microsoft Internet Authentication Service (IAS)
Wireless
EAP-PEAP
Issue
Error: "Reason-Code = 22 | Reason = The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server" on Event Viewer
Full Event Viewer information (NOTE: Station Identifiers are MAC addresses; in the example we have replaced the MAC addresses with 9's):
User <username> was denied access.
Fully-Qualified-User-Name = <Primary DNS Suffix>/Users/<User Name>
NAS-IP-Address = 192.168.1.2
NAS-Identifier = AP
Called-Station-Identifier = 9999.9999.9999
Calling-Station-Identifier = 9999.9999.9999
Client-Friendly-Name = ap
Client-IP-Address = 192.168.1.2
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 425
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Wireless access to Intranet - RSA Security EAP
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 22
Reason = The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp
Cause
Resolution
For detailed Microsoft IAS-RADIUS configuration, refer to page 41 in the RSA ACE/Agent 5.6 for Windows Installation and Administration Guide - Configuring Wireless LAN Access Authentication with PEAP chapter.
Microsoft also provides a white paper describing how to configure RSA ACE/Server to provide a secure authentication solution for VPN and Windows XP 802.1X wireless clients with PEAP. It's available at http://www.microsoft.com/downloads/details.aspx?FamilyID=2466f0e3-231b-46b5-ae1e-0e5d3c3cacad&displaylang=en.
--------------------------------------------
Wireless client configuration:
--------------------------------------------
- From Wireless Network Connection Properties, highlight the preferred network and click the Properties button
- From the Association tab:
- The Network name (SSID) is grayed out
- Ensure the Network Authentication is 'Open' , Data encryption is 'WEP', and the 'The key is provided for me automatically' is ticked
- From the Authentication tab:
- Ensure that 'Enable IEEE 802.1x authentication for this network' is ticked, and the EAP type is 'Protected EAP (PEAP)'
- Ensure that 'Authenticate as computer when computer information is available' and 'Authenticate as quest when user or computer information is unavailable' are unticked
- Click the EAP type Properties button
- From Protected EAP Properties:
- 'Validate server certificate' is unticked (This solution is focused on a non-certificate solution. Please bear in mind that a certificate will make the connection more secure).
- Select Authentication Method is ' RSA Security EAP'
- 'Enable Fast Reconnect' is unticked (fast reconnect ticked can provide a better roaming experience)
Related Articles
RSA Access Manager Agent SharePoint Ticket Service sends duplicate runtimeAPI WebServices Requests Number of Views When configuring Email Notification and Certificate Expiry Notification does 'All Vettors' (or the Vettor(s) selection fo… Number of Views Email approvals from Outlook desktop result in "reply could not be understood" in RSA Identity Governance & Lifecycle Number of Views Authentication fails with error NS_MISMATCH_SERVER_HAS_BUT_AGENT_DOESNT Number of Views Unable to load form fields when using a form element of control type "Drop Down with Web Service" in RSA Identity Governan… Number of Views
Don't see what you're looking for?
