AccessRejectException: Access Denied

AccessRejectException: Access Denied

pglamb
Good morning all.

I'm trying to set up two-factor authentication for the VPN on our Cisco ASA 5505 (ASA ver. 8.2) using Network Policy Server on Windows Server 2008 R2 Standard and WiKID Strong Authentication Enterprise Server. I've completed the configuration following How to add two-factor authentication to a Cisco ASA 5500 IPSec VPN and How to add two-factor authentication to NPS. When I try to log in, I can generate a one-time password with the WiKID client but am not able to successfully authenticate. The event log on the NPS server logs an entry saying "The remote RADIUS (Remote Authentication Dial-In User Service) server did not process the authentication request." and the WiKID server logs an entry saying "<1> Access-Request(1) LEN=164 X.X.X.X:54221 Access-Request by (user name) Failed: AccessRejectException: Access Denied."

I've searched through the WiKID Strong Authentication Forums but haven't found a solution.

Has anyone been successful with a similar setup?

Thanks for reading,

Pat Lamb
Re: AccessRejectException: Access Denied

Nick Owen
Administrator
Pat,


Make sure the IPs are correct and restart WiKID.

Nick

On Mar 16, 2018 16:28, "pglamb [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:

RE: AccessRejectException: Access Denied

pglamb

Thanks for the quick reply.

The WiKID server is logging a message saying “<1> Access-Request(1) LEN=164 10.111.111.21:62904 Access-Request by plamb Failed: AccessRejectException: Access Denied”. The 10.111.111.21 address is my NPS server so, I believe, this means that the firewall is successfully sending the request to the NPS server, and it’s sending the request to the WiKID server (thus the log message). Wouldn’t this show that all IP addresses are correct?

Also, which source is the WiKIDAdmin log? Here’s what I’m seeing when I set the level to “Debug” on the Log Viewer:

| Timestamp | Level | Source | Message | Exception |
|---|---|---|---|---|
| 2018-03-16 10:23:35.060 | INFO | com.wikidsystems.radius.access.WikidAccess4 | Access denied for plamb, domain code: 066170014232 client: /10.111.111.21 | |
| 2018-03-16 10:23:35.060 | INFO | com.wikidsystems.radius.log.DBSvrLogImpl | <1> Access-Request(1) LEN=164 10.111.111.21:62904 Access-Request by plamb Failed: AccessRejectException: Access Denied | |
| 2018-03-16 10:23:24.957 | INFO | com.wikidsystems.server.DeviceTransactionExec | Issued passcode to device 6605769698141288098 | |

Thanks again,

Pat Lamb

From: Nick Owen [via WiKID Strong Authentication Forums] [mailto:ml+[hidden email]]
Sent: Friday, March 16, 2018 10:35 AM
To: Patrick Lamb <[hidden email]>
Subject: Re: AccessRejectException: Access Denied

Pat,

Make sure the IPs are correct and restart WiKID.

Nick

RE: AccessRejectException: Access Denied

Nick Owen
Administrator
Is your user still enabled?

On Mar 16, 2018 16:55, "pglamb [via WiKID Strong Authentication Forums]" <[hidden email]> wrote:


RE: AccessRejectException: Access Denied

pglamb

Thank you!

No, I had deleted my original “plamb” user in trying to troubleshoot an earlier error. I created a new user and logged in without problem.

 

From: Nick Owen [via WiKID Strong Authentication Forums] [mailto:ml+[hidden email]]
Sent: Friday, March 16, 2018 11:04 AM
To: Patrick Lamb <[hidden email]>
Subject: RE: AccessRejectException: Access Denied

Is your user still enabled?
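The triage the thread walks through (did the request arrive from the expected RADIUS client, was a passcode just issued, and if both, is the user record the problem) can be run over the Log Viewer rows quoted above. This is an added example, not part of the original posts and not WiKID code; the `triage` function, the `radius_clients` set, the 60-second window and the time-only correlation between the two events are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Log Viewer rows quoted in the thread: (timestamp, level, source, message).
ROWS = [
    ("2018-03-16 10:23:24.957", "INFO", "com.wikidsystems.server.DeviceTransactionExec",
     "Issued passcode to device 6605769698141288098"),
    ("2018-03-16 10:23:35.060", "INFO", "com.wikidsystems.radius.access.WikidAccess4",
     "Access denied for plamb, domain code: 066170014232 client: /10.111.111.21"),
    ("2018-03-16 10:23:35.060", "INFO", "com.wikidsystems.radius.log.DBSvrLogImpl",
     "<1> Access-Request(1) LEN=164 10.111.111.21:62904 Access-Request by plamb "
     "Failed: AccessRejectException: Access Denied"),
]

DENIED = re.compile(
    r"Access denied for (?P<user>\S+), domain code: (?P<domain>\d+) "
    r"client: /(?P<client>[\d.]+)")
ISSUED = re.compile(r"Issued passcode to device (?P<device>\d+)")
FMT = "%Y-%m-%d %H:%M:%S.%f"


def triage(rows, radius_clients, window=timedelta(seconds=60)):
    """Return one finding per 'Access denied' row.

    radius_clients: addresses expected to send RADIUS requests (here, the NPS server).
    The 'Issued passcode' row names a device, not a user, so the link to the
    denial is by time only (assumption).
    """
    issued = [datetime.strptime(ts, FMT) for ts, _, _, msg in rows if ISSUED.search(msg)]
    findings = []
    for ts, _, _, msg in rows:
        m = DENIED.search(msg)
        if not m:
            continue
        when = datetime.strptime(ts, FMT)
        known = m["client"] in radius_clients
        recent = any(timedelta(0) <= when - t <= window for t in issued)
        if not known:
            hint = "request did not come from an expected RADIUS client; check the IPs"
        elif recent:
            hint = "network path and token work; check the user record exists and is enabled"
        else:
            hint = "no passcode was issued in the window before this denial"
        findings.append({**m.groupdict(), "known_client": known,
                         "recent_passcode": recent, "hint": hint})
    return findings
```

With `radius_clients={"10.111.111.21"}` the single denial for `plamb` falls in the second branch, which matches how the thread was resolved.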