1240AG Access Point Received Crypto-Binding TLV is invalid

kennychit · ‎11-12-2008

I need help in trying to figuring why I can't get 1240G authentication to work with windows 2008 NPS Radius. It's working with Windows 2000 AIS. Below is error I've got with windows 2008:

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:

Security ID: edited

Account Name: edited

Account Domain: edited

Fully Qualified Account Name: edited

Client Machine:

Security ID: NULL SID

Account Name: -

Fully Qualified Account Name: -

OS-Version: -

Called Station Identifier: 0017.0fd8.8b40

Calling Station Identifier: 001e.4c13.d804

NAS:

NAS IPv4 Address: 10.0.10.47

NAS IPv6 Address: -

NAS Identifier: swap1

NAS Port-Type: Wireless - IEEE 802.11

NAS Port: 356

RADIUS Client:

Client Friendly Name: swap1

Client IP Address: 10.0.10.47

Authentication Details:

Proxy Policy Name: Use Windows authentication for all users

Network Policy Name: Production Wireless Users

Authentication Provider: Windows

Authentication Server: x.x.com

Authentication Type: PEAP

EAP Type: -

Account Session Identifier: -

Reason Code: 301

Reason: Received Crypto-Binding TLV is invalid.

amritpatek · ‎11-18-2008

Make sure that The Crypto-Binding TLV is valid only if the following checks pass:

The Crypto-Binding TLV version is supported

The Compound MAC verifies correctly

The received version in the Crypto-Binding TLV matches the version