MSM 710 , Active Directory VSC authentication problems (688 Views)
Reply
Collector
JockeN
Posts: 1
Registered: ‎02-11-2013
Message 1 of 1 (688 Views)

MSM 710 , Active Directory VSC authentication problems

[ Edited ]

Hello!
I have for some time now experienced a problem with our Active-Directory controlled VSC. 
It seems that only some of our users are able to authenticate and others recieve a reject. 

The VSC is access-controlled and ive added the appropiate-groups aswell ass added the default AC group.

 

"Feb 11 13:55:01 debug iprulesmgr Sending RADIUS Access Reject (id='4') to RADIUS Client (ip-address='169.254.0.4',port='33183').
Feb 11 13:55:01 info iprulesmgr Refusing session for user (nas-port='7',name='domain\username',calling-station-id='00-23-14-8D-21-B4',framed-ip-address='0.0.0.0')."

 

This is one of the entries i can see being logged in the MSM-log after activating extra Radius/ad-debug. 

 

The wierd thing is that some of our users are able to authenticate to this AD-authenticated VSC but some of them can't

 

from what i can see this is alos logged on the DC when one of the users getting rejected tries to connect : 


The computer attempted to validate the credentials for an account.

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: User.account
Source Workstation: \\MSM710
Error Code: 0xc000006a

 

Our current setup is (only listed the relevant servers) : 1 DC (2008r2) ,

Network is 1 VLAN, 2 subnets connected through an IPSEC-tunnel ('ve checked the firewall nothing being blocket there its full access between these subnets) 

1: MSM710

2:MSM 430

1: MSM 310

 

So to clarify we are not using a RADIUS-Server just the built in "Remote > Active Directory authentication"

 

P.S usernames and domain have been swapped for privacy reasons

 

Any help in this matter would be greatly appreciated


Cheers 

 

Joakim

 

 

:UPDATE:
Looking at the logs from the DC the only difference i can see between a failed authentication and one that succeeded is that the ones able to authenticate has its own laptop as Souce Workstation: laptopnamexxx

While the ones failing comes from Source Workstation: \\MSM710

 

example below:

Failed authenticated:


The computer attempted to validate the credentials for an account.

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: user.name
Source Workstation: \\MSM710
Error Code: 0xc000006a

 

Successfully authenticated:

 

The computer attempted to validate the credentials for an account.

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: user.name2
Source Workstation: computername-xxx
Error Code: 0x0

 

 

P.S. This thread has beenmoved from Communications, Wireless (Legacy ITRC forum) to MSM Series. - Hp Forum Moderator

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.