RADIUS
Well, good ol' Microsoft strikes again. Jacob (from Wintek) was able to isolate our NPS/RADIUS authentication problem to Windows Firewall. Even though the 1812 port exceptions were properly in place, Windows was dropping the traffic anyway. Evidently many other sysadmins were having the same problem, and Microsoft's own documents finally revealed the issue and the answer to me:
With Server 2019 this firewall exception requires a modification to the service account security identifier to effectively detect and allow RADIUS traffic. If this security identifier change is not executed, the firewall will drop RADIUS traffic. From an elevated command prompt, run sc sidtype IAS unrestricted. This command changes the IAS (RADIUS) service to use a unique SID instead of sharing with other NETWORK SERVICE services.
Once I issued that command and rebooted the system, the new server now performs RADIUS authentication. Both the Cisco WLC and the Cisco firewall have been updated to use the new server. I would say we're finally ready to switch over the remaining roles.
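As an added example (not part of the original message or of Microsoft's documentation), the following PowerShell script checks the two things the fix above depends on: whether the IAS service already runs with an unrestricted (unique) service SID, and whether the Windows Firewall rules that allow UDP 1812 are enabled. It uses sc.exe qsidtype/sidtype and the built-in NetSecurity cmdlets; the rule display group name "Network Policy Server" and the inclusion of UDP 1813 (standard RADIUS accounting) are assumptions, and the reboot after changing the SID type is done manually as described above.

```powershell
# Added example: verify NPS/RADIUS prerequisites on Server 2019 before and after the SID-type fix.
# Run from an elevated PowerShell session.

function Get-IasSidType {
    # sc.exe qsidtype prints a line like "SERVICE_SID_TYPE: UNRESTRICTED" (or NONE / RESTRICTED)
    $out = & sc.exe qsidtype IAS
    $line = $out | Where-Object { $_ -match 'SERVICE_SID_TYPE' }
    if (-not $line) { return 'UNKNOWN' }
    return ($line -split ':')[1].Trim()
}

function Get-RadiusFirewallRules {
    # Assumption: NPS inbound rules live in the "Network Policy Server" display group.
    # Fall back to any enabled inbound UDP rule for 1812/1813 if the group name differs.
    $ports = @('1812', '1813')   # 1812 = authentication (from the message), 1813 = accounting (assumed standard)
    Get-NetFirewallRule -Direction Inbound -ErrorAction SilentlyContinue |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            $pf.Protocol -eq 'UDP' -and ($pf.LocalPort | ForEach-Object { $ports -contains $_ }) -contains $true
        } |
        Select-Object DisplayName, DisplayGroup, Enabled, Action, Profile
}

function Test-RadiusReadiness {
    $sidType = Get-IasSidType
    $rules   = Get-RadiusFirewallRules
    $enabledRules = @($rules | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' })

    [pscustomobject]@{
        IasSidType            = $sidType
        SidTypeIsUnrestricted = ($sidType -eq 'UNRESTRICTED')
        RadiusAllowRulesFound = $enabledRules.Count
        Ready                 = ($sidType -eq 'UNRESTRICTED' -and $enabledRules.Count -gt 0)
    }
}

$status = Test-RadiusReadiness
$status | Format-List

if (-not $status.SidTypeIsUnrestricted) {
    Write-Warning 'IAS service SID type is not UNRESTRICTED; Windows Firewall will drop RADIUS traffic.'
    Write-Host    'Apply the documented fix and reboot:  sc.exe sidtype IAS unrestricted'
}
if ($status.RadiusAllowRulesFound -eq 0) {
    Write-Warning 'No enabled inbound Allow rule for UDP 1812/1813 was found; check the NPS firewall rules.'
}
```

Run the script once before applying the fix to confirm the SID type reads NONE (or anything other than UNRESTRICTED) while the 1812 rules show as enabled, which is exactly the state described above, and again after the reboot to confirm Ready comes back True before pointing the WLC and firewall at the new server.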
Wishing both of you a great weekend,
Tix: 358981