Wireless connection fails to authenticate the client in RSA ACE/Agent 5.6 for Windows
Originally Published: 2004-07-22
Article Number
Applies To
RSA Security Extensible Authentication Protocol (EAP)
Microsoft Internet Authentication Service (IAS)
Wireless
EAP-PEAP
Issue
Error: "Reason-Code = 22 | Reason = The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server" on Event Viewer
Full Event Viewer information (NOTE: Station Identifiers are MAC addresses; in the example we have replaced the MAC addresses with 9's):
User <username> was denied access.
Fully-Qualified-User-Name = <Primary DNS Suffix>/Users/<User Name>
NAS-IP-Address = 192.168.1.2
NAS-Identifier = AP
Called-Station-Identifier = 9999.9999.9999
Calling-Station-Identifier = 9999.9999.9999
Client-Friendly-Name = ap
Client-IP-Address = 192.168.1.2
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 425
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Policy-Name = Wireless access to Intranet - RSA Security EAP
Authentication-Type = EAP
EAP-Type = <undetermined>
Reason-Code = 22
Reason = The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp
Cause
Resolution
For detailed Microsoft IAS-RADIUS configuration, refer to page 41 in the RSA ACE/Agent 5.6 for Windows Installation and Administration Guide - Configuring Wireless LAN Access Authentication with PEAP chapter.
Microsoft also provides a white paper describing how to configure RSA ACE/Server to provide a secure authentication solution for VPN and Windows XP 802.1X wireless clients with PEAP. It's available at http://www.microsoft.com/downloads/details.aspx?FamilyID=2466f0e3-231b-46b5-ae1e-0e5d3c3cacad&displaylang=en.
--------------------------------------------
Wireless client configuration:
--------------------------------------------
- From Wireless Network Connection Properties, highlight the preferred network and click the Properties button
- From the Association tab:
- The Network name (SSID) is grayed out
- Ensure the Network Authentication is 'Open' , Data encryption is 'WEP', and the 'The key is provided for me automatically' is ticked
- From the Authentication tab:
- Ensure that 'Enable IEEE 802.1x authentication for this network' is ticked, and the EAP type is 'Protected EAP (PEAP)'
- Ensure that 'Authenticate as computer when computer information is available' and 'Authenticate as quest when user or computer information is unavailable' are unticked
- Click the EAP type Properties button
- From Protected EAP Properties:
- 'Validate server certificate' is unticked (This solution is focused on a non-certificate solution. Please bear in mind that a certificate will make the connection more secure).
- Select Authentication Method is ' RSA Security EAP'
- 'Enable Fast Reconnect' is unticked (fast reconnect ticked can provide a better roaming experience)
Related Articles
RSA SecurID Authenticator 4.1.5 for iOS and Android Quick Start Guide (Italian) Number of Views RSA SecurID 4.0 for iOS and Android App Quick Start Guide (Italian) Number of Views RSA Authenticator 4.3 for iOS and Android Quick Start Guide (Italian) Number of Views RSA SecurID Authenticator 4.2 for iOS and Android Quick Start Guide (Italian) Number of Views RSA Identity Governance and Lifecycle 7.0+ Data Access Collector(DAC) Run shows Admin Error:The resource Fully Qualified N… Number of Views
Trending Articles
How to recover the Application and AFX after an unexpected database failure in RSA Identity Governance & Lifecycle RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Troubleshooting AFX Connector issues in RSA Identity Governance & Lifecycle RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager Upgrade Process
Don't see what you're looking for?
