Event ID 14 — RADIUS Client Communication

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

yellow

Network Policy Server (NPS) exchanges RADIUS messages with RADIUS clients. RADIUS messages exchanged between NPS and RADIUS clients must comply with the RADIUS protocol specification or NPS might not be able to process connection requests.

Event Details

Product: Windows Operating System
ID: 14
Source: NPS
Version: 6.1
Symbolic Name: RADIUS_E_BAD_AUTHENTICATOR
Message: A RADIUS message was received from RADIUS client %1 with an invalid authenticator. This is typically caused by mismatched shared secrets. Verify the configuration of the shared secret for the RADIUS client in the Network Policy Server snap-in and the configuration of the network access server.

Resolve

Fix RADIUS client communication issues

This condition can occur under the following circumstances:

  • The RADIUS client configuration is incorrect, and NPS received a RADIUS message that contains an authenticator that is not valid.
  • The RADIUS client needs to be updated because the size of a RADIUS message received from the RADIUS client exceeds the message size specified in the RADIUS protocol.

To perform this procedure, you must be a member of Domain Admins.

To change the RADIUS client configuration:

  1. Open the NPS Microsoft Management Console (MMC), and double-click RADIUS Clients and Servers.
  2. Click RADIUS Clients, and then locate and double-click the RADIUS client whose configuration you want to check. Confirm that the shared secret and IP address are correct.
  3. On the network access server, make sure the shared secret is the same as the one used in NPS.
  4. If the shared secret is the same, consult your network access server documentation to confirm that the network access server complies with RADIUS standards, as defined by the Internet Engineering Task Force (IETF). If it does not, contact the RADIUS client vendor and request a firmware or other update as needed, and then apply the update according to the vendor's documentation.

Verify

To verify RADIUS client communication:

  1. Use a network access client to connect to the network through the RADIUS client that previously sent RADIUS messages that contained an incorrect authenticator or whose message size exceeded the RADIUS protocol.
  2. The access client should be able to connect successfully to the network through the RADIUS client.

Related Management Information

RADIUS Client Communication

Network Policy Server Infrastructure

Community Additions

ADD
Show: