Welcome to Cisco Support Community. We would love to have your feedback.
For an introduction to the new site, click here. And see here for current known issues.
I need help in trying to figuring why I can't get 1240G authentication to work with windows 2008 NPS Radius. It's working with Windows 2000 AIS. Below is error I've got with windows 2008:
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
Security ID: edited
Account Name: edited
Account Domain: edited
Fully Qualified Account Name: edited
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: 0017.0fd8.8b40
Calling Station Identifier: 001e.4c13.d804
NAS IPv4 Address: 10.0.10.47
NAS IPv6 Address: -
NAS Identifier: swap1
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 356
Client Friendly Name: swap1
Client IP Address: 10.0.10.47
Proxy Policy Name: Use Windows authentication for all users
Network Policy Name: Production Wireless Users
Authentication Provider: Windows
Authentication Server: x.x.com
Authentication Type: PEAP
EAP Type: -
Account Session Identifier: -
Reason Code: 301
Reason: Received Crypto-Binding TLV is invalid.
Make sure that The Crypto-Binding TLV is valid only if the following checks pass:
The Crypto-Binding TLV version is supported
The Compound MAC verifies correctly
The received version in the Crypto-Binding TLV matches the version