Re: MSM710 Active Directory 802.1X authentication issue?


I set it to more failures before lockout, and much quicker reset for that user, so we honestly can't say whether it ever locked him out or not.

I also had the other user log in successfully a bit later, so I copied and pasted both of those saved logs into one file. Username1 is the user who fails, Username2 is the user who succeeds. Both are in the same OU, groups, etc.

(Names changed to protect the innocent)

Thanks so much for your help!
Re: MSM710 Active Directory 802.1X authentication issue?

Ah! Nobody's innocent :)

OK, here is where the problem is. I have recreated a shorter version of the log file with just the portion where the problem occurs (see attached file).

If you look for the same kind of MS-CHAP challenge for Username1 and Username2, one ends with a failure (0xc000006d), the other ends with an OK state.

Now, this error is a Microsoft error code returned by the server during the challenge. I found a couple of interesting articles on the web that may sound related to your problem.

As I'm not as intimate as you are with the version of the Microsoft server you are using, I have pasted the Google search URL on "microsoft 0xc000006d". There seems to be some information with regard to this error that might help you. Let me know if you see something interesting in there...

Re: MSM710 Active Directory 802.1X authentication issue?

Steve, seems like the configuration is being set up correctly.
I'm sort of puzzled by the information you're providing.
I've done this setup a dozen times at various schools without any errors.

Would it be possible to have a look at the web-interface of the controller to check some settings and reading the log file while you do a login?

Re: MSM710 Active Directory 802.1X authentication issue?

Mike, thanks for the Google search suggestion. The fact that the user was able to authenticate for logon (on my laptop, and for the first time) but unable to authenticate to AD via wireless controller is the oddest thing... makes it seem unlikely to be related to the 'computer account in the domain' concern and some of the other things I saw...

In other news I tweaked the groups listed in the AD authentication on the controller and now he is able to authenticate and connect if he manually enters the password at a prompt, but still fails if he sets it to automatically use his logged on credentials. How's that for weird? It is possible that is where the breakdown was occurring before, although I thought he'd tried manually entering the password with failure before as well.

Happy to try anything, Mike, just let me know what you'd like me to look at...