We are trying to authenticate a client on a remote VPN, through a Meraki Z1 teleworker appliance. The Z1 is sending a proper request, and the Network Policy Server (ias) service is apparently authenticating the user, because our NPS log shows that there is a Reason-Code of 0 in the audit log; however, ias is returning Access-Reject back to the Z1 device.

I'm having a difficult time finding out WHY the ias service is sending Access-Reject, and it is to the point now where I think I need some kind of deep debugging output to see where the issue lies. Does anyone know how I might be able to get a deluge of log information out of the IAS service? Is there a specific way to enable that through the EventLog interface?

Peter Grace
  • Are you using IAS or NPS? It makes a difference. Regarding NPS, [all I know of is what's covered here](http://msdn.microsoft.com/en-us/library/cc725566.aspx), regarding IAS, there's also a [painfully formatted RADIUS log kicking around somewhere](http://technet.microsoft.com/en-us/library/cc785145%28v=ws.10%29.aspx). – HopelessN00b Dec 22 '14 at 17:27
  • `Get-Service |findstr "Network Policy Server"` returns IAS as the service name, so I guess it's anyone's guess whether it is NPS or IAS. Regarding the RADIUS log, I do have that and am inputting it into logstash. That's how I can confirm the auth is working: I'm getting entries showing the auth succeeds with Reason-Code 0. – Peter Grace Dec 22 '14 at 17:58
  • It seems like you are using NPS. Personally, to debug NPS, I always use the Windows event log, specifically the Security log. Look for Audit Failure events; they will not only tell you the reason code but also some context as to why access was denied. – Jul 20 '16 at 22:33
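
An added example, not part of the original thread: a small parser for the NPS accounting log that reads Reason-Code only from the response records (Packet-Type 2 or 3), so the value on an Access-Request record is not mistaken for the verdict. It assumes the log is written in the DTS-compliant (XML) format with `Packet-Type`, `Reason-Code` and `User-Name` elements; the sample lines, user names and the short reason texts are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# RADIUS codes as they appear in the Packet-Type field.
PACKET_TYPES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
# A few NPS reason codes; look up others in Microsoft's reason code list.
REASONS = {0: "success", 16: "credentials mismatch", 48: "no matching network policy"}

# Constructed sample: one <Event> per line, trimmed to the fields used here.
# The last line is cut off on purpose, as when the file is still being written.
SAMPLE_LOG = """\
<Event><User-Name data_type="1">alice</User-Name><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><User-Name data_type="1">alice</User-Name><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">48</Reason-Code></Event>
<Event><User-Name data_type="1">bob</User-Name><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><User-Name data_type="1">bob</User-Name><Packet-Type data_type="0">2</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><User-Name data_type="1">carol</User-Name><Packet-Type data_ty
"""


def parse_events(text):
    """Yield a {element name: text} dict per <Event> line, skipping bad lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = ET.fromstring(line)
        except ET.ParseError:
            continue  # truncated or malformed record
        yield {child.tag: (child.text or "").strip() for child in event}


def _num(event, key):
    """Integer value of a field, or -1 when missing or non-numeric."""
    value = event.get(key, "")
    return int(value) if value.isdigit() else -1


def verdicts(text):
    """Return (user, packet type, reason code, reason) per response record."""
    results = []
    for event in parse_events(text):
        ptype = _num(event, "Packet-Type")
        if ptype not in (2, 3):  # only Accept/Reject records carry the verdict
            continue
        code = _num(event, "Reason-Code")
        reason = REASONS.get(code, "see NPS reason code reference")
        results.append((event.get("User-Name", "?"), PACKET_TYPES[ptype], code, reason))
    return results
```
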

1 Answer

Looks like you need to set up Accounting.

There you can log this to a SQL DB and you can select what to log and what not.

IT M