NPS EAP authentication failing after Windows Update

Posted by sqlreader on Server Fault See other posts from Server Fault or by sqlreader
Published on 2012-05-23T18:08:24Z Indexed on 2012/06/01 10:43 UTC
Read the original article Hit count: 784

I have a Windows 2008 Std server running NPS. After applying the latest round of updates (including Root Certificates for April 2012 KB931125 (See:http://support.microsoft.com/kb/933430/)), EAP authentication is failing due to being malformed.

Sample error (Security/Event ID 6273), truncated for brevity:

Authentication Details:
        Proxy Policy Name:              Use Windows authentication for all users
        Network Policy Name:            Wireless Access
        Authentication Provider:                Windows 
        Authentication Server:          nps-host.corp.contoso.com
        Authentication Type:            PEAP
        EAP Type:                       -
        Account Session Identifier:             -
        Reason Code:                    266
        Reason:                         The message received was unexpected or badly formatted.

The NPS policy (Wireless Access) is configured accordingly (for Constraints/Authentication methods)

EAP Types:
            Microsoft: Protected EAP (PEAP) - with a valid certificate from ADCS
            Microsoft: Secured password (EAP-MSCHAP v2)
Less secure authentication methods:
            Microsoft Encrypted Authentication version 2 (MS-CHAP-v2)
            User can change password after it has expired
            Microsoft Encrypted Authentication (MS-CHAP)
            User can change password after it has expired

We've tested a different RADIUS server without the aforementioned patch, and removed EAP as an authentication type and experienced success.

Has anyone else experienced this issue?

© Server Fault or respective owner

Related posts about windows-server-2008

Related posts about radius