Jump to content


2008 Server - Network Policy Server

  • Please log in to reply
6 replies to this topic

#1 Budious



  • Joined: 03-November 01

Posted 20 October 2007 - 05:30

Alright, I'm to the point where a request for help needs to be made as much as it hurts my pride. I have an evaluation copy of Windows 2008 RC running on VM Server 1.03 at the moment, if I get the virtual machine operating to my requirements I will implement it to a hardware installation.

Goal: Enabling WPA2+Enterprise Authentication on Wi-Fi AP through use of NPS (RADIUS) features of Windows 2008 Server
Brief Summary of Project Accomplished: Configured NPS through wizard. Assigned connection settings to AP. Assigned connection settings to test client. Login screen appears when connecting to the AP but login attempts fail. Created a local user with matching credientials of the client on the server. Login attempts continue to fail.
Problem: Connectivity between Vista wireless client and 2008 Server has been established. 2008 Server's Event Viewer reports Network Policy Server cannot authenticate the user. Specific error message provided below:

Event ID: 6273 Reason Code: 65Reason: The connection attempt failed because network access permission for the user account was denied. To allow network access, enable network access permission for the user account, or, if the user account specifies that access is controlled through the matching network policy, enable network access permission for that network policy.

More Details:

Current Setup (Software):
Server 2008 (fresh install)
Network Policy Server role installed via wizard (no other roles or features installed)
Vista Business (test client)

Current Setup (Hardware/Topology):
Linksys WRT54GS Router @
Server on LAN Port 1 @ (static)
Clients on LAN Ports 2/3/4 & Wi-Fi AP @ DHCP Range

Other Comments: I have configured the RADIUS server with generated key and added my RADIUS client (Linksys WRT54GS Router) with the generated key. The RADIUS client (router) is using WPA2+RADIUS for authentication. Followed through the NPS wizard to configure a RADIUS server for Wi-Fi AP. During the configuration a Secure Wireless Connections network policy was created giving access to the Windows Groups BUILTIN\Users, BUILTIN\Power Users, and BUILTIN\Administrator groups. I created three local user accounts on the 2008 Server that belong to the [BUILTIN]Users group of the local machine. Authentication continues to fail when trying any of the three new accounts. I'm not sure where to go from here, do I need another condition? Also, can I use only a single user account to authenticate RADIUS login for multiple clients if the option to supply login credentials other than the client's Windows user account?

Posted Image

Any ideas on how to get this working?


Related Questions about Windows 2008 Server RC Evaluation
- How many times can I activate this an evaluation key (simultaneously) ?
- How long is the evaluation period (90/180/365 days) ?

Edited by Budious, 20 October 2007 - 06:51.

#2 bobbba


    Neowinian Senior

  • Joined: 11-January 05
  • Location: England

Posted 20 October 2007 - 07:15

has the windows users account you are trying to get in with got the Dialin property set to "control by Remote Access policy" (or something like that)?

#3 OP Budious



  • Joined: 03-November 01

Posted 20 October 2007 - 07:27

Yes, I have the radio button option selected for "Control access through NPS Network Policy"

#4 OP Budious



  • Joined: 03-November 01

Posted 20 October 2007 - 13:08

I think the problem is that the server needs a certificate authority of some type installed to be compliant with the authentication schemes. NPS is a replacement for IAS from Server 2000/2003 and can operate with local SAM user accounts and does not require Active Directory; however, it appears I still need to have to a certificate source.

#5 +John Teacake

John Teacake


  • Tech Issues Solved: 1
  • Joined: 14-May 03

Posted 26 March 2014 - 15:47

I am having this issue now with freshly rolled out Windows 7 Clients from XP. 

#6 sc302


    Neowinian Senior

  • Tech Issues Solved: 57
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 26 March 2014 - 22:32

Chuck I can help you out tomorrow. I just set this up so the config is fresh in my mind. Very easy to do.

#7 +BudMan


    Neowinian Senior

  • Tech Issues Solved: 129
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 27 March 2014 - 13:25

This thread is from 2007 ;)  So Chuck are you running on a 2008 Release Candidate as well? ;)


So your saying these XP clients worked, but now you clean installed them to 7 or upgraded?  I think it would be best if you created your own thread with your specific details.