NPS and Server 2019 "rejection" issues with PEAP/EAP

 I had an issue where the RADIUS authentication requests on the server were not working as they should and rejecting devices, mainly Windows 10 devices, this was caused by two issues, so lets go though them now....

The error

Authentication Type: PEAP
EAP Type: -
Account Session Identifier: 39363033333243354442323838323931
Logging Results: Accounting information was written to the local log file.
Reason Code: 23
Reason: An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.

Step 1 : Windows Updates

Ensure you have the latest serving stack installed, a couple of people reported that they installed Windows Updates then were unable to connect, upon inspected the NPS servers were rocking the older serving updates and did not have updates installed.

Please, keep your NPS servers up to date, before your try the options below.......

Step 2 : Server NPS configuration

On Windows Server 2019 with NPS role installed, open an admin command prompt & run the following command:

sc sidtype IAS unrestricted
Reboot the server
Attempt the connection

If this fails after a reboot you may need to enable the NPS rule in the firewall, to do that use this command:

Get-NetFirewallRule -DisplayGroup "Network Policy Server" | where DisplayName -like "*RADIUS*" | Set-NetFirewallRule -Service Any

Remove the rule run this:

Get-NetFirewallRule -DisplayGroup "Network Policy Server" | where DisplayName -like "*RADIUS*" | Set-NetFirewallRule -Service ias

Previous Post Next Post

Ω†Ω…ΩˆΨ°Ψ¬ Ψ§Ω„Ψ§ΨͺΨ΅Ψ§Ω„