802.1X Null User SID

Hello! We're using 802.1x with user authentication with some success. However, there are a couple of users that will get notifications that "additional authentication is required". They type their username and password correctly but it still won't authenticate. This is the event on the NPS server for that authentication attempt. Notice that the Security ID is NULL. Based on our Connection Request Policy it is reasonable that the user isn't authenticated, since they need to be in a security group, and if there is no Security ID they can't be associated with that group, so their attempt to authenticate is denied. These users don't always experience this behavior; it's sporadic and it's always the same users.

I'm stumped. Do you guys have any thoughts?

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          5/13/2013 12:58:49 PM
Event ID:      6273
Task Category: Network Policy Server
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      WSR-NPSSERVER.domain.lan
Description:
Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
Security ID: NULL SID
Account Name: DOMAIN\username
Account Domain:DOMAIN
Fully Qualified Account Name:DOMAIN\username

Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name:-
OS-Version: -
Called Station Identifier:000B866D59F4
Calling Station Identifier:1C3E84524A2F

NAS:
NAS IPv4 Address:10.10.16.31
NAS IPv6 Address:-
NAS Identifier:-
NAS Port-Type:Wireless - IEEE 802.11
NAS Port: 0

RADIUS Client:
Client Friendly Name:WLCSEA-02.DOMAIN.lan
Client IP Address:10.10.16.32

Authentication Details:
Connection Request Policy Name:Aruba Policy - Company North
Network Policy Name:-
Authentication Provider:Windows
Authentication Server:WSR-NPSSERVER.domain.lan
Authentication Type:MS-CHAPv2
EAP Type: -
Account Session Identifier:-
Logging Results:Accounting information was written to the SQL data store.
Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>6273</EventID>
    <Version>1</Version>
    <Level>0</Level>
    <Task>12552</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2013-05-13T19:58:49.436427200Z" />
    <EventRecordID>3875866</EventRecordID>
    <Correlation />
    <Execution ProcessID="464" ThreadID="1876" />
    <Channel>Security</Channel>
    <Computer>WSR-NPSSERVER.domain.lan</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-0-0</Data>
    <Data Name="SubjectUserName">domain\username</Data>
    <Data Name="SubjectDomainName">DOMAIN</Data>
    <Data Name="FullyQualifiedSubjectUserName">DOMAIN\username</Data>
    <Data Name="SubjectMachineSID">S-1-0-0</Data>
    <Data Name="SubjectMachineName">-</Data>
    <Data Name="FullyQualifiedSubjectMachineName">-</Data>
    <Data Name="MachineInventory">-</Data>
    <Data Name="CalledStationID">000B866D59F4</Data>
    <Data Name="CallingStationID">1C3E84524A2F</Data>
    <Data Name="NASIPv4Address">10.10.16.31</Data>
    <Data Name="NASIPv6Address">-</Data>
    <Data Name="NASIdentifier">-</Data>
    <Data Name="NASPortType">Wireless - IEEE 802.11</Data>
    <Data Name="NASPort">0</Data>
    <Data Name="ClientName">WLCSEA-02.domain.lan</Data>
    <Data Name="ClientIPAddress">10.10.16.32</Data>
    <Data Name="ProxyPolicyName">Aruba Policy - Company North</Data>
    <Data Name="NetworkPolicyName">-</Data>
    <Data Name="AuthenticationProvider">Windows</Data>
    <Data Name="AuthenticationServer">WSR-NPSSERVER.domain.lan</Data>
    <Data Name="AuthenticationType">MS-CHAPv2</Data>
    <Data Name="EAPType">-</Data>
    <Data Name="AccountSessionIdentifier">-</Data>
    <Data Name="ReasonCode">16</Data>
    <Data Name="Reason">Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.</Data>
    <Data Name="LoggingResult">Accounting information was written to the SQL data store.</Data>
  </EventData>
</Event>
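
One way to triage the denials described above, added here as an example and not part of the original post: it reads exported Event ID 6273 XML and counts, per account, how many denials were logged with the NULL SID (`S-1-0-0`) versus a resolved SID. The `<Events>` wrapper, the second event with its SID and account name, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"
NULL_SID = "S-1-0-0"  # value of SubjectUserSid in the event above

# Constructed sample input: two 6273 events cut down to the fields read below.
SAMPLE = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>6273</EventID><TimeCreated SystemTime="2013-05-13T19:58:49.436427200Z"/></System>
<EventData><Data Name="SubjectUserSid">S-1-0-0</Data>
<Data Name="SubjectUserName">domain\username</Data>
<Data Name="NASIPv4Address">10.10.16.31</Data>
<Data Name="ReasonCode">16</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>6273</EventID><TimeCreated SystemTime="2013-05-13T20:05:10.000000000Z"/></System>
<EventData><Data Name="SubjectUserSid">S-1-5-21-1111111111-2222222222-3333333333-1104</Data>
<Data Name="SubjectUserName">DOMAIN\otheruser</Data>
<Data Name="NASIPv4Address">10.10.16.31</Data>
<Data Name="ReasonCode">16</Data></EventData></Event>
</Events>"""

def parse_denials(xml_text):
    """Return one dict of EventData fields per Event ID 6273 record."""
    rows = []
    for ev in ET.fromstring(xml_text).iter(NS + "Event"):
        if ev.findtext(f"{NS}System/{NS}EventID") != "6273":
            continue
        row = {d.get("Name"): (d.text or "") for d in ev.iter(NS + "Data")}
        row["Time"] = ev.find(f"{NS}System/{NS}TimeCreated").get("SystemTime")
        rows.append(row)
    return rows

def null_sid_summary(rows):
    """Per account (case-folded): denials, NULL-SID denials, NAS addresses, reason codes."""
    out = defaultdict(lambda: {"total": 0, "null_sid": 0, "nas": set(), "reasons": set()})
    for r in rows:
        s = out[r.get("SubjectUserName", "").lower()]
        s["total"] += 1
        s["null_sid"] += r.get("SubjectUserSid") == NULL_SID  # bool adds as 0 or 1
        s["nas"].add(r.get("NASIPv4Address", "-"))
        s["reasons"].add(r.get("ReasonCode", "-"))
    return dict(out)

if __name__ == "__main__":
    for user, s in sorted(null_sid_summary(parse_denials(SAMPLE)).items()):
        print(user, s["total"], s["null_sid"], sorted(s["nas"]), sorted(s["reasons"]))
```

Account names are case-folded before grouping because the same account appears as both `domain\username` and `DOMAIN\username` in the event above.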
