Network Policy Server denied access to a user - wifi authentication

Calvin Goodman 41 Reputation points
2022-06-08T19:56:41.457+00:00

Users are unable to connect to Unifi APs with logon credential. Nothing changed on NPS server. The certificate is still valid. The APs are good as well since we can connect in WPA2 protocol. In AD user profile, "Control access thru NPS network policy" is always checked and never changed. The only thing we updated are the DNS servers in APs.

Checking the event ID 6273 in NPA log and two errors below seen but both are not really true. Any suggestion? Thanks

1) "Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect."
2) "The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission."

Thanks
Calvin

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
8,215 questions
No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Gary Nebbett 3,831 Reputation points
    2022-06-08T20:04:49.773+00:00

    Hello Calvin,

    The first thing that I would suggest is checking out this thread:

    https://learn.microsoft.com/en-us/answers/questions/846654/nps-stopped-working-after-may-2022-updates.html

    Gary


  2. Limitless Technology 37,351 Reputation points
    2022-06-10T08:11:51.58+00:00

    Hi there,

    If you have made any recent updates try uninstalling them as some updates seems to break the logon process.

    The NPS log has told you the reason why authentication has failed: user credentials mismatch or non-existing user account.

    First, please make sure that the client with this issue has matched the correct policy. (NPS will try the first matched policy. If it fails, NPS won't try the next one.)

    Also, if you are using PEAP authentication method, please make sure that both of the client and server have the suitable certificate. To exclude the possibility that this issue may caused by certificate, you may try to change the authentication method to MS-CHAPv2.

    ------------------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--

    No comments