# NPS internal error



## agrant1 (May 27, 2009)

So I can't seem to find that anyone else is having this issue, but here it goes: I am running a VM box with Server 2008 Standard fresh from the disk, nothing installed but NPS. I configure my RADIUS client and policies for 802.1x wired authentication, then attempt to connect from an XP box. I disable server verification on the client side because I am not using certs at this point. I am running a 3550 Cisco switch as the RADIUS client, and this is configured properly because I have another RADIUS server on the network not running a VM and have no issue.
On the VM server, every time a client computer attempts to connect I get this error:

```
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 3/22/2011 7:54:29 PM
Event ID: 6274
Task Category: Network Policy Server
Level: Information
Keywords: Audit Failure
User: N/A
Computer: WIN-AOQTOFCTBXE
Description:
Network Policy Server discarded the request for a user.

Contact the Network Policy Server administrator for more information.

User:
Security ID: WIN-AOQTOFCTBXE\Administrator
Account Name: administrator
Account Domain: WIN-AOQTOFCTBXE
Fully Qualified Account Name: WIN-AOQTOFCTBXE\administrator

Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 00-05-DD-C2-CC-87
Calling Station Identifier: 00-16-41-E4-66-53

NAS:
NAS IPv4 Address: 192.168.0.220
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Ethernet
NAS Port: 50007

RADIUS Client:
Client Friendly Name: switchg
Client IP Address: 192.168.0.220

Authentication Details:
Proxy Policy Name: Secure Wired (Ethernet) Connections
Network Policy Name: Secure Wired (Ethernet) Connections
Authentication Provider: Windows
Authentication Server: WIN-AOQTOFCTBXE
Authentication Type: EAP
EAP Type: -
Account Session Identifier: -
Reason Code: 1
Reason: An internal error occurred. Check the system event log for additional information.
```

Event Xml:

```xml
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>6274</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12552</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2011-03-22T23:54:29.528Z" />
<EventRecordID>264</EventRecordID>
<Correlation />
<Execution ProcessID="628" ThreadID="748" />
<Channel>Security</Channel>
<Computer>WIN-AOQTOFCTBXE</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-21-2615004708-3023878124-1385030653-500</Data>
<Data Name="SubjectUserName">administrator</Data>
<Data Name="SubjectDomainName">WIN-AOQTOFCTBXE</Data>
<Data Name="FullyQualifiedSubjectUserName">WIN-AOQTOFCTBXE\administrator</Data>
<Data Name="SubjectMachineSID">S-1-0-0</Data>
<Data Name="SubjectMachineName">-</Data>
<Data Name="FullyQualifiedSubjectMachineName">-</Data>
<Data Name="MachineInventory">-</Data>
<Data Name="CalledStationID">00-05-DD-C2-CC-87</Data>
<Data Name="CallingStationID">00-16-41-E4-66-53</Data>
<Data Name="NASIPv4Address">192.168.0.220</Data>
<Data Name="NASIPv6Address">-</Data>
<Data Name="NASIdentifier">-</Data>
<Data Name="NASPortType">Ethernet </Data>
<Data Name="NASPort">50007</Data>
<Data Name="ClientName">switchg</Data>
<Data Name="ClientIPAddress">192.168.0.220</Data>
<Data Name="ProxyPolicyName">Secure Wired (Ethernet) Connections</Data>
<Data Name="NetworkPolicyName">Secure Wired (Ethernet) Connections</Data>
<Data Name="AuthenticationProvider">Windows </Data>
<Data Name="AuthenticationServer">WIN-AOQTOFCTBXE</Data>
<Data Name="AuthenticationType">EAP</Data>
<Data Name="EAPType">-</Data>
<Data Name="AccountSessionIdentifier">-</Data>
<Data Name="ReasonCode">1</Data>
<Data Name="Reason">An internal error occurred. Check the system event log for additional information. </Data>
</EventData>
</Event>
```

Any ideas would be great 

Regards,
Grant


----------



## cluberti (Aug 26, 2010)

The only time you should ever see this is if the RADIUS policy on the server is configured incorrectly (or is corrupt, or can't be read in properly, etc), or if the accounting logs cannot be created. Assuming the computer in question works properly when connecting to your other server (and assuming the same switch backend) that is working properly, that would at least limit your problem to a port issue on the switch, not using the correct TCP port during accounting, or the software on the server in question itself. Some quick things I can think of:

Are you running any antivirus or endpoint protection software on that system that would be injecting itself into the TDI stack, by chance? I've heard of Symantec products affecting NPS in this sort of way, but I've honestly never seen it myself either.

Another thing I can think of to check is to get a network trace and make sure the authentication is using tcp port 1812 and accounting is using tcp 1813, to make sure things are actually working properly at the switch on this port for this server. Given the error does point to accounting logging not happening, it's always best to make sure our assumption that the switch and server are doing the right things on the right TCP ports is actually correct.

Lastly, it might be worthwhile to make sure that the machine has a machine cert - MMC, certificates, machine, personal, enroll (assuming one doesn't exist here). It's a bit of a leap, but you do want to make sure you have a valid machine cert when using EAP or PEAP.

At this point, if none of the above work, you've exhausted my NPS troubleshooting skills. Make sure auditing is enabled, and a call to Microsoft support might be in order if that doesn't help!


----------
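A small triage script for the Event ID 6274 records discussed in this thread, as an added example that is not part of either post: it reads exported event XML, keeps only the 6274 records, counts discards per RADIUS client and reason code, and lists EAP requests where no EAP type was recorded. The sample records are constructed (the first reuses field values from the posted event), and the `<Events>` wrapper element and the helper names are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(event_id, time, **data):
    """Build one constructed record in the layout of the posted Event Xml."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{time}" /></System>'
            f'<EventData>{fields}</EventData></Event>')

# Constructed sample: record 1 reuses field values from the posted event,
# records 2 and 3 are invented; the <Events> wrapper is an assumption.
SAMPLE = "<Events>" + "".join([
    _event(6274, "2011-03-22T23:54:29.528Z", ClientName="switchg",
           AuthenticationType="EAP", EAPType="-", ReasonCode="1"),
    _event(6274, "2011-03-22T23:55:02.000Z", ClientName="switchg",
           AuthenticationType="EAP", ReasonCode="1",
           EAPType="Microsoft: Protected EAP (PEAP)"),
    _event(6273, "2011-03-22T23:56:10.000Z", ClientName="switchg",
           AuthenticationType="EAP", EAPType="-", ReasonCode="16"),
]) + "</Events>"

def parse_discards(xml_text):
    """Return the EventData fields of each Event ID 6274 record as a dict."""
    records = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "6274":
            continue  # e.g. 6273 (access denied) is a different audit event
        rec = {d.get("Name"): (d.text or "").strip()
               for d in ev.iterfind("e:EventData/e:Data", NS)}
        rec["Time"] = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        records.append(rec)
    return records

def summarize(records):
    """Count discards per (client, reason code); list EAP requests with no EAP type."""
    counts = Counter((r.get("ClientName"), r.get("ReasonCode")) for r in records)
    no_eap = [r["Time"] for r in records
              if r.get("AuthenticationType") == "EAP" and r.get("EAPType") in ("", "-")]
    return counts, no_eap

if __name__ == "__main__":
    counts, no_eap = summarize(parse_discards(SAMPLE))
    for (client, code), n in counts.items():
        print(f"{client}: {n} discarded request(s), reason code {code}")
    print("EAP requests with no EAP type recorded:", no_eap)
```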

