Microsoft Network Policy Server Events
This SAM application monitor template uses Windows System and Security Event Logs to assess the status and overall performance of a Microsoft Network Policy Server (NPS).
Prerequisites
WMI access to the target server.
Credentials
Windows Administrator on the target server.
Component monitors
All Windows Event Log monitors should return zero values. Returned values other than zero indicate an abnormality. If that occurs, examine the Windows System and Security log files to investigate the issue.
Warning: NPS discarded the request for a user
This monitor returns the number of events when the NPS discarded the request for a user.
Type of event: Warning. Event ID: 6274.
This condition occurs when the NPS discards accounting requests because the structure of the accounting request message that was sent by a RADIUS client does not comply with the RADIUS protocol. Reconfigure, upgrade, or replace the RADIUS client.
Warning: Domain Controller is not responsive
This monitor returns the number of events when domain controller is not responsive.
Type of event: Warning. Event ID: 4401.
Check your domain controller availability.
Warning: NPS denied access to a user
This monitor returns the number of events when the NPS denied access to a user.
Type of event: Warning. Event ID: 6273.
This error might be caused by one of the following conditions:
- The user does not have valid credentials;
- The connection method is not allowed by the network policy;
- The network access server is under attack;
- NPS does not have access to the user account database on the domain controller;
- NPS log files and/or the SQL Server database is not available.
Warning: Internal error
This monitor returns the number of events when an internal error occurred while processing a request.
Type of event: Warning. Event ID: 12.
This error is typically returned when an exception that is not identified by some other error occurs. This error can also be returned by Extensible Authentication Protocol (EAP) or channel.
Warning: NPS discarded the accounting request for a user
This monitor returns the number of events when NPS discarded the accounting request for a user.
Type of event: Warning. Event ID: 6275.
Network corruption, latency, or other network problems unrelated to NPS can produce this condition. Wait a short while to see if the condition still exists. This problem might resolve itself.
Warning: Remote RADIUS server has not responded
This monitor returns the number of events when the remote RADIUS server has not responded to consecutive requests.
Type of event: Warning. Event ID: 36.
Manually check the availability of the remote RADIUS server.
Warning: Server communication problems
This monitor returns the number of events when NPS cannot communicate with RADIUS clients due to different errors in the RADIUS message.
Type of event: Warning. Event ID: 15,16,17,18,19.
This condition can occur if the server running NPS receives one of the following from a RADIUS client:
- A response of a malformed message;
- A response that contains an incorrect value in the Code field;
- An Access-Request message that does not contain a Message-Authenticator attribute;
- A response that contains a message authenticator that is not valid;
- An Access-Request message that contains an Extensible Authentication Protocol (EAP) message, but no Message-Authenticator attribute.
Network corruption, latency, or other network problems unrelated to NPS might produce this condition. Wait a short while to confirm that the condition still exists. This problem might resolve itself.
Warning: NPS could not send a response due to network problems
This monitor returns the number of events when NPS could not send a response due to a network error. The data is the error code generated by Windows Sockets.
Type of event: Warning. Event ID: 22.
Use Windows Sockets error messages and documentation to determine the Windows Sockets reason for failure and to help determine the steps for a resolution.
Warning: RADIUS error occurred
This monitor returns the number of events when a RADIUS error occurred.
Type of event: Warning. Event ID: 23.
Use Windows Sockets error messages and documentation to determine the Windows Sockets reason for failure and to help determine the steps for a resolution.
Warning: Message with invalid authenticator
This monitor returns the number of events when a RADIUS message was received from a RADIUS client with an invalid authenticator.
Type of event: Warning. Event ID: 14.
This is typically caused by mismatched shared secrets. Verify the configuration of the shared secret for the RADIUS client in the Network Policy Server snap-in and the configuration of the network access server.
Warning: Response to client exceeds maximum message length
This monitor returns the number of events when the response to a RADIUS client exceeds the maximum RADIUS message length of 4096 bytes.
Type of event: Warning. Event ID: 21.
This condition can occur under the following circumstances:
- The RADIUS client configuration is incorrect and NPS received a RADIUS message that contains an authenticator that is not valid
- The RADIUS client needs to be updated because the size of the RADIUS message received from the RADIUS client exceeds the message size specified in the RADIUS protocol.
Warning: Could not resolve the name of RADIUS client
This monitor returns the number of events when the name of the RADIUS client could not be resolved. The data returned is the error code generated by Windows Sockets.
Type of event: Warning. Event ID: 10.
This condition can occur under the following circumstances:
- In the NPS Microsoft Management Console (MMC), a RADIUS client is configured by FQDN or NetBIOS name, rather than by IP address, and NPS has not received a DNS server response to the name resolution query. Without the IP address provided by the name resolution query, NPS cannot contact the RADIUS client;
- NPS receives communication from a RADIUS client that is not configured in the NPS MMC;
- In the NPS MMC, a RADIUS client is configured by either IPv4 or IPv6 address, but the format of the IP address is incorrect.
Warning: Wrong RADIUS clients IP address
This monitor returns the number of events when the IP address of the RADIUS client is not a valid IP address.
Type of event: Warning. Event ID: 11.
This condition can occur under the following circumstances:
- In the NPS MMC, a RADIUS client is configured by FQDN or NetBIOS name rather than by IP address, and NPS has not received a DNS server response to the name resolution query. Without the IP address provided by the name resolution query, NPS cannot contact the RADIUS client
- NPS receives communication from a RADIUS client that is not configured in the NPS MMC;
- In the NPS MMC, a RADIUS client is configured by either IPv4 or IPv6 address, but the format of the IP address is incorrect.
Warning: Message received from invalid RADIUS client IP
This monitor returns the number of events when a RADIUS message was received from the invalid RADIUS client IP address.
Type of event: Warning. Event ID: 13.
This condition can occur under the following circumstances:
- In the NPS MMC, a RADIUS client is configured by FQDN or NetBIOS name rather than by IP address, and NPS has not received a DNS server response to the name resolution query. Without the IP address provided by the name resolution query, NPS cannot contact the RADIUS client;
- NPS receives communication from a RADIUS client that is not configured in the NPS MMC;
- In the NPS MMC, a RADIUS client is configured by either IPv4 or IPv6 address, but the format of the IP address is incorrect.
Error: No available domain controllers
This monitor returns the number of events that occur when there is no domain controller available for the domain.
Type of event: Error. Event ID: 4402.
You should check your domain controller availability.
Error: NPS license compliance
This monitor returns the number of events when this edition of Windows Server cannot support any of the following NPS configurations:
- More than 50 RADIUS clients;
- More than two RADIUS server groups;
- Client identification by subnet mask.
Type of event: Error. Event ID: 46.
To set up your server to support any of these configurations, install a Windows Server edition without these limitations.
Error: Disk is full
This monitor returns the number of events that occur when a disk is full. NPS could not delete older log files to create free space or could not find older an log file to delete and create free space.
Type of event: Error. Event ID: 43,44.
Verify that there is free disk space.
Error: RADIUS proxy could not resolve the name of remote server
This monitor returns the number of events when the RADIUS Proxy could not resolve the name of remote RADIUS server in a remote RADIUS server group to an IP address.
Type of event: Error. Event ID: 24.
Manually check DNS settings and the availability of the remote RADIUS server.
Error: Unable to forward request to remote server
This monitor returns the number of events that occur when the RADIUS Proxy was unable to forward a RADIUS request to a remote RADIUS server because of a network error.
Type of event: Error. Event ID: 33.
Manually check the network configuration.