MSM 710 , Active Directory VSC authentication problems (629 Views)
Reply
Collector
JockeN
Posts: 1
Registered: ‎02-11-2013
Message 1 of 1 (629 Views)

MSM 710 , Active Directory VSC authentication problems

[ Edited ]

Hello!
I have for some time now experienced a problem with our Active-Directory controlled VSC. 
It seems that only some of our users are able to authenticate and others recieve a reject. 

The VSC is access-controlled and ive added the appropiate-groups aswell ass added the default AC group.

 

"Feb 11 13:55:01 debug iprulesmgr Sending RADIUS Access Reject (id='4') to RADIUS Client (ip-address='169.254.0.4',port='33183').
Feb 11 13:55:01 info iprulesmgr Refusing session for user (nas-port='7',name='domain\username',calling-station-id='00-23-14-8D-21-B4',framed-ip-address='0.0.0.0')."

 

This is one of the entries i can see being logged in the MSM-log after activating extra Radius/ad-debug. 

 

The wierd thing is that some of our users are able to authenticate to this AD-authenticated VSC but some of them can't

 

from what i can see this is alos logged on the DC when one of the users getting rejected tries to connect : 


The computer attempted to validate the credentials for an account.

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: User.account
Source Workstation: \\MSM710
Error Code: 0xc000006a

 

Our current setup is (only listed the relevant servers) : 1 DC (2008r2) ,

Network is 1 VLAN, 2 subnets connected through an IPSEC-tunnel ('ve checked the firewall nothing being blocket there its full access between these subnets) 

1: MSM710

2:MSM 430

1: MSM 310

 

So to clarify we are not using a RADIUS-Server just the built in "Remote > Active Directory authentication"

 

P.S usernames and domain have been swapped for privacy reasons

 

Any help in this matter would be greatly appreciated


Cheers 

 

Joakim

 

 

:UPDATE:
Looking at the logs from the DC the only difference i can see between a failed authentication and one that succeeded is that the ones able to authenticate has its own laptop as Souce Workstation: laptopnamexxx

While the ones failing comes from Source Workstation: \\MSM710

 

example below:

Failed authenticated:


The computer attempted to validate the credentials for an account.

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: user.name
Source Workstation: \\MSM710
Error Code: 0xc000006a

 

Successfully authenticated:

 

The computer attempted to validate the credentials for an account.

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: user.name2
Source Workstation: computername-xxx
Error Code: 0x0

 

 

P.S. This thread has beenmoved from Communications, Wireless (Legacy ITRC forum) to MSM Series. - Hp Forum Moderator

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation