Search This Blog

Thursday, November 29, 2007

Microsoft IAS uses Global catalog

We had a case when users could not use wireless when WAN link to HQ was down. The reason is that Cisco wireless authentication (WPA2-Enteprise EAP) is done on the local DC with IAS, but Global catalog was not enabled on the DC. Since the WAN link to HQ Global catalog was not available users could not connect to wireless. Error message:


Event Type: Error
Event Source: IAS
Event Category: None
Event ID: 3
Date: 11/27/2007
Time: 5:25:18 PM
User: N/A
Computer: xxx
Description:
Access request for user host/xxx was discarded.
Fully-Qualified-User-Name =
NAS-IP-Address = xxx
NAS-Identifier = xxx
Called-Station-Identifier = xxx
Calling-Station-Identifier = xxx
Client-Friendly-Name = xxx
Client-IP-Address = xxx
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 215
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server =
Reason-Code = 4
Reason = The Active Directory global catalog cannot be accessed.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 ....




The workaround - enable GC on all DCs used for wireless.

http://technet2.microsoft.com/windowsserver/en/library/7f26a61e-8dfa-455f-b596-53aa6349f0511033.mspx?mfr=true

No comments: