Dear Sir,
i am begineer in networking.
when i set 802.1x wired network with NPS,i got below error. if follow below links but i cannot fix
please help me.
when i check NPS event log,
I saw certificate error . It show The certificate chain was issued by an authority that is not trusted .
But i can't solve.
PLease help me.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 10/7/2018 2:30:48 AM
Event ID: 6273
Task Category: Network Policy Server
Level: Information
Keywords: Audit Failure
User: N/A
Computer: CA.cadc.local
Description:
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: CADC\azt
Account Name: azt@cadc.local
Account Domain: CADC
Fully Qualified Account Name: cadc.local/eKiosk/azt
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: 00-AA-6E-2A-50-0A
Calling Station Identifier: 40-16-7E-45-F2-67
NAS:
NAS IPv4 Address: 192.168.1.101
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Ethernet
NAS Port: 50110
RADIUS Client:
Client Friendly Name: Cisco Switch
Client IP Address: 192.168.1.101
Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: eKiosk 802.1x
Authentication Provider: Windows
Authentication Server: CA.cadc.local
Authentication Type: PEAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 265
Reason: The certificate chain was issued by an authority that is not trusted.
<Computer>CA.cadc.local</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-21-3858713045-1423114026-2227573672-1104</Data>
<Data Name="SubjectUserName">azt@cadc.local</Data>
<Data Name="SubjectDomainName">CADC</Data>
<Data Name="FullyQualifiedSubjectUserName">cadc.local/eKiosk/azt</Data>
<Data Name="SubjectMachineSID">S-1-0-0</Data>
<Data Name="SubjectMachineName">-</Data>
<Data Name="FullyQualifiedSubjectMachineName">-</Data>
<Data Name="CalledStationID">00-AA-6E-2A-50-0A</Data>
<Data Name="CallingStationID">40-16-7E-45-F2-67</Data>
<Data Name="NASIPv4Address">192.168.1.101</Data>
<Data Name="NASIPv6Address">-</Data>
<Data Name="NASIdentifier">-</Data>
<Data Name="NASPortType">Ethernet</Data>
<Data Name="NASPort">50110</Data>
<Data Name="ClientName">Cisco Switch</Data>
<Data Name="ClientIPAddress">192.168.1.101</Data>
<Data Name="ProxyPolicyName">Use Windows authentication for all users</Data>
<Data Name="NetworkPolicyName">eKiosk 802.1x</Data>
<Data Name="AuthenticationProvider">Windows</Data>
<Data Name="AuthenticationServer">CA.cadc.local</Data>
<Data Name="AuthenticationType">PEAP</Data>
<Data Name="EAPType">-</Data>
<Data Name="AccountSessionIdentifier">-</Data>
<Data Name="ReasonCode">265</Data>
<Data Name="Reason">The certificate chain was issued by an authority that is not trusted.</Data>
<Data Name="LoggingResult">Accounting information was written to the local log file.</Data>
</EventData>
</Event>
