Share via

NPS failure logs aren't collected despite successful and failure logs are enabled

Federico Coppola 125 Reputation points
2024-09-05T18:23:47.1966667+00:00

Hi folks,

I am working with NPS on Windows Server 2016.

This Windows Server 2016 authenticates wireless clients (802.1X)
However sometimes NPS authentication process fails, but any logs are present in Event Viewer!
I checked many times log settings of NPS role, "successful" and "rejected" authentication boxes are ticked.

I collected network traffic using WireShark, RADIUS requests are received by Windows Server.
I see many "access-request" and "access-challange" repeated different time, but sometimes a part of corporate endpoints aren't able to complete authentication process.

immagine

The most of our endpoints are running Windows 10.
We already excluded Windows Credential Guard (Domain GPO turn off this functionality).

I need to analyze failure logs, but Event Viewer doens't provide me details about these events.

Do you have some suggestion for me?

Thanks!

Windows for business | Windows Server | User experience | Other
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jing Zhou 7,770 Reputation points Microsoft External Staff
    2024-09-06T02:38:27.14+00:00

    Hello,

     

    Thank you for posting in Q&A forum.

    When using NPS for Windows Server 2016 for 802.1X authentication, if you encounter authentication failures and no logs from Event Viewer, you can consider the following areas to troubleshoot:

    1. Check the NPS configuration

    RADIUS Client Settings: Ensure that all access points are properly added to the NPS and that the shared key is correct.

    Network Policies and Permissions: Check your network policy settings to confirm that you allow the required users and computer groups to authenticate, and note that the policy is prioritized correctly.

    1. Increase the level of NPS log detail

    Enable Debug Logs: Enable more verbose debug logs in the NPS properties to get more details about when authentication fails.

    1. Use external tools to analyze network traffic

    WireShark Analysis: Use radius filters in WireShark to view responses from Access-Request, Access-Challenge, and Access-Accept, and watch out for possible Access-Reject codes.

    1. Troubleshoot client issues

    Make sure the client is configured correctly: Confirm that the wireless network and 802.1X settings for Windows 10 devices that can't be authenticated are correct.

    Network Driver Updates: Check that the network adapter drivers are up to date to avoid compatibility issues.

    1. Other Possibilities

    Check GPO settings: Make sure all GPOs are set correctly, especially those that don't affect authentication.

    Network connectivity: Make sure that the device experiencing the issue has a good network connection to the RADIUS server.

     

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

     

    Best regards,

    Jill Zhou

     

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.