This morning one of my customers had issues with clients using 802.1x authentication to connect to the network.
Symptoms
On our NPS server all of our clients were generating these log entries:
EventID 6273
Network Policy Server denied access to a user
<Data Name=”CalledStationID”>xx-xx-xx-xx-xx-xx</Data>
<Data Name=”CallingStationID”>xx-xx-xx-xx-xx-xx</Data>
<Data Name=”NASIPv4Address”>10.xx.xx.xx</Data>
<Data Name=”NASIPv6Address”>-</Data>
<Data Name=”NASIdentifier”>xxxxxx</Data>
<Data Name=”NASPortType”>Ethernet</Data>
<Data Name=”NASPort”>3</Data>
<Data Name=”ClientName”>Network-Management</Data>
<Data Name=”ClientIPAddress”>10.xx.xx.xx</Data>
<Data Name=”ProxyPolicyName”>Use Windows authentication for all users</Data>
<Data Name=”NetworkPolicyName”>xxxx</Data>
<Data Name=”AuthenticationProvider”>Windows</Data>
<Data Name=”AuthenticationServer”>xxxxx</Data>
<Data Name=”AuthenticationType”>EAP</Data>
<Data Name=”EAPType”>Microsoft: Smart Card or other certificate</Data>
<Data Name=”AccountSessionIdentifier”>-</Data>
<Data Name=”ReasonCode”>16</Data>
<Data Name=”Reason”>Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.</Data>
<Data Name=”LoggingResult”>Accounting information was written to the local log file.</Data>
In the client log files (Wired autoconfig), the error was:
The authenticator is no longer present
Resolution
This error was caused when one of our domain controllers were patched with the May 2022 patch (KB5013941). This caused issue with certificate mapping.
The error is further described here: Windows 10, version 21H2 | Microsoft Docs
The resolution for this is to install the latest out of band updates from Microsoft via the Update catalog. As of this writing they are not available through WSUS or Windows Update.
Cumulative updates:
- Windows Server 2022: KB5015013
- Windows Server, version 20H2: KB5015020
- Windows Server 2019: KB5015018
- Windows Server 2016: KB5015019
Standalone Updates:
- Windows Server 2012 R2: KB5014986
- Windows Server 2012: KB5014991
- Windows Server 2008 R2 SP1: KB5014987
- Windows Server 2008 SP2: KB5014990
when was the problem discovered?
Hi! After the 2022 May update was released 🙂