02-11-2009 12:01 PM - edited 03-10-2019 04:20 PM
Hi folks,
I regularly get these messages from my ACS box, which is (among other things) supporting 802.1x / PEAP authentication for my wireless users.
Note that the misspelling of "authentication" is intentional - e.g. the typo is in the syslog coming out of ACS.
Cisco_ACS_3_x_02 1 2 1432610766 Caller-ID=00-22-69-zz-xx-yy,NAS-IP-Address=10.x.y.100,AAA Server=acssvr1,User-Name=DOMAIN\username,NAS-Port=1,Message-Type=Authen failed,Authen-Failure-Code=Authetication session invalidated,Date=02/11/2009,Time=14:23:19,Group-Name=Default Group,Author-Data=,Real Name=,Description=,ExtDB Info=EXTERNALDB,Access Device=RemoteOfficeWLAN1,Priv-lvl=,Proxy-IP-Address=,Source-NAS=,Network Device Group=Wireless Controllers,EAP Type=25,EAP Type Name=MS-PEAP,
Perhaps I'd be better off cross-posting this to the wireless forum, but I figured I should start here first.
So my question is: is the ACS invalidating the session, is it part of PEAP, or is it something on the wireless controller that's forcing the re-auth? Is this cause for concern or further investigation, or should I tune it out (in my MARS box, which is firing alerts for "Failed AAA authentication")?
02-13-2009 12:38 PM
I consider that there is not enough information to tell if this is a false alarm.
On ACS server go to System Config > Service control > logging > Full > Restart
Check the Failed Attempts on ACS, look for the same time frame in these other logs: RDS.log & Auth.log.
What Service Pack are the Windows XP users running?
Are you doing PEAP Machine/User or just PEAP User authentication?
Do you have users reporting any issues?
03-06-2009 03:46 PM
There is a session time-out that can be configured on ACS and the controller; turn off session timeout on ACS.
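Added example, not part of the original thread and not Cisco code: a small parser for the comma-separated key=value record quoted in the question. It counts, per Caller-ID, the "Authetication session invalidated" failures separately from any other failure code, which gives the time frames to look up in Failed Attempts, RDS.log and Auth.log. The sample records, the `_rec` helper and the second failure code are constructed placeholders, and the handling of the leading syslog header tokens is an assumption based on the one line shown.

```python
from collections import defaultdict

# Failure code exactly as ACS writes it (the misspelling is in the syslog itself).
INVALIDATED = "Authetication session invalidated"

def _rec(mac, code, time):
    """Build a constructed sample record in the format quoted in the question."""
    return ("Cisco_ACS_3_x_02 1 2 1432610766 Caller-ID=%s,User-Name=DOMAIN\\user,"
            "Message-Type=Authen failed,Authen-Failure-Code=%s,Date=02/11/2009,Time=%s,"
            "Real Name=,EAP Type=25,EAP Type Name=MS-PEAP," % (mac, code, time))

# Constructed sample input: MACs, times and the second failure code are placeholders.
SAMPLE = [
    _rec("00-22-69-00-00-01", INVALIDATED, "14:23:19"),
    _rec("00-22-69-00-00-01", INVALIDATED, "15:23:20"),
    _rec("00-22-69-00-00-02", "CONSTRUCTED-OTHER-CODE", "14:40:02"),
]

def parse_acs_line(line):
    """Split one ACS syslog record into a dict of its key=value fields."""
    fields = {}
    for i, part in enumerate(line.strip().split(",")):
        if "=" not in part:
            continue  # empty segment after the trailing comma
        key, value = part.split("=", 1)
        if i == 0:
            # Assumption: header tokens precede the first key, separated by spaces.
            key = key.rsplit(" ", 1)[-1]
        fields[key.strip()] = value.strip()  # keys may contain spaces ("Real Name")
    return fields

def summarize_failures(lines):
    """Per Caller-ID, count session invalidations apart from other failure codes."""
    summary = defaultdict(lambda: {"invalidated": 0, "other": defaultdict(int), "times": []})
    for line in lines:
        rec = parse_acs_line(line)
        if rec.get("Message-Type") != "Authen failed":
            continue
        entry = summary[rec.get("Caller-ID", "unknown")]
        code = rec.get("Authen-Failure-Code", "")
        if code == INVALIDATED:
            entry["invalidated"] += 1
        else:
            entry["other"][code] += 1
        entry["times"].append(rec.get("Date", "") + " " + rec.get("Time", ""))
    return summary

if __name__ == "__main__":
    for caller, e in summarize_failures(SAMPLE).items():
        print(caller, "invalidated:", e["invalidated"], "other:", dict(e["other"]), e["times"])
```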