Authentication/Accounting failure

Authentication_Accounting_failure_1_Rule (Rule)

Knowledge Base article:

Management Pack

Summary

The Routing and Remote Access service encountered an error while performing authentication or accounting.

 

Causes

The most common reasons for this error are:

1.     The RADIUS server did not respond to an authentication or an accounting request.

2.     The service failed to retrieve a usable Remote Access Server certificate.

3.     The connection attempt failed because Windows Authentication could not authenticate the user. The user might have specified incorrect credentials.

4.     The RADIUS server sent an invalid response.

 

Resolutions

1.     Open Routing and Remote Access and verify that

                      i.        The server DNS name or IP address of the RADIUS server(s) is entered correctly.

                     ii.        The secret used to connect to the RADIUS server(s) is entered correctly.

2.     Make sure that the user specifies correct credentials.

3.     Verify whether the network protocols are correctly configured on the server and the client.

 

Sample Event

Sample Event #1: The RADIUS server %1 did not respond to the initial request. Please make sure that the server name or IP address and secret are correct.
Sample Event #2: Could not retrieve the Remote Access Server's certificate due to the following error: %1
Sample Event #3: The user %1 failed an authentication attempt due to the following reason: %2
Sample Event #4: The user %1 connected from %2 but failed an authentication attempt due to the following reason: %3
Sample Event #5: An invalid response was received from the RADIUS server %1. %2

 

© 2004 Microsoft Corporation, all rights reserved.

 

Element properties:

TargetMicrosoft.Windows.Server.RRAS.2008.Server
CategoryEventCollection
EnabledTrue
Event SourceRemoteAccess
Alert GenerateFalse
RemotableTrue
Event LogSystem

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.EventProvider Default
WriteToDB WriteAction Microsoft.SystemCenter.CollectEvent Default

Source Code:

<Rule ID="Authentication_Accounting_failure_1_Rule" Enabled="true" Target="Microsoft.Windows.Server.RRAS.2008.Server" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>System</LogName>
<Expression>
<And>
<Expression>
<RegExExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>MatchesRegularExpression</Operator>
<Pattern>^(20146|20168|20187|20189|20196)$</Pattern>
</RegExExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">RemoteAccess</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="WriteToDB" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
</WriteActions>
</Rule>