No announcement yet.

IAS 2003 Proxy Error - Event ID 18

  • Filter
  • Time
  • Show
Clear All
new posts

  • IAS 2003 Proxy Error - Event ID 18

    Hi All,

    I am in the middle of a 2000 -> 2003 migration, and I'm trying to set up a way to authenticate my wireless clients in the new forest and the old forest simultaneously.

    I have configured Certificate Services and IAS in the new domain, no problem. I can authenticate clients in the new domain now

    The problem comes when I try to use IAS Proxying to send requests from members of the old domain to the old IAS server (which is W2k SP4).

    When I try, I get Event ID 18 "An Access-Request was received from client <MyIASProxy> with a signature attribute that is not valid" on the IAS server in the old W2k domain.

    At the same time, the new IAS server in the W2k3 domain logs Event ID 3 - the request was discarded - giving the reason as "The remote RADIUS server did not respond".

    I'm using certificates and PEAP for this, and I have two-way external trust configured between the two forests, which is working. I have checked the shared secret as well which is fine.

    Can anyone help me solve this?

    Edit: By the way, this is what I get in IASRAD.log with tracing enabled on the IAS server in the new domain/forest:

    [4372] 07-09 15:23:34:926: Message Authenticator in request packet does not match the Message Authenticator generated by the server
    [4372] 07-09 15:23:34:926: Silently discarding packet received
    Last edited by WhiteTR; 9th July 2007, 16:02.

  • #2
    Re: IAS 2003 Proxy Error - Event ID 18


    Turned out it was the Shared Secret, which hadn't taken affect because I hadn't restarted the service.

    Well, another lesson learned


    • #3
      Re: IAS 2003 Proxy Error - Event ID 18

      Well done and thanks for posting back with the solution. It is appreciated by us and should be by anyone who has the same problem in the future.
      Joined: 23rd December 2003
      Departed: 23rd December 2015