There has to be something in a packet capture ...
Have tried ping from MX to internal Radius-server with success.
When I capture from LAN while trying to connect I get nothing about radius in the log.
When the client is trying to connect it fails right away with error.
Would you share a screenshot of your config with us?
Delete. Wrong post.
Do the Network Policy Server logs show anything? They are in an unwieldy XML format, but they will tell you 1) if the request made it to the server and 2) what the NPS server's response was. The log files default to %systemroot%\System32\LogFiles but you can change the location from the Accounting tab in the NPS MMC snap-in. The files are rotated daily with the date in the filename, so make sure you grab the right one.
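An added example, not part of the reply above: a short Python parser for the NPS XML log that answers both questions, whether a request from a given RADIUS client reached the server and what NPS answered. The element names follow the NPS XML log layout as assumed here, and the log lines, addresses and user names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread): one <Event> record per line.
# Packet-Type follows RADIUS codes: 1 Access-Request, 2 Access-Accept, 3 Access-Reject.
SAMPLE_LOG = """\
<Event><Timestamp data_type="4">01/15/2024 09:12:01.100</Timestamp><User-Name data_type="1">alice</User-Name><Client-IP-Address data_type="3">192.0.2.10</Client-IP-Address><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">01/15/2024 09:12:01.150</Timestamp><User-Name data_type="1">alice</User-Name><Client-IP-Address data_type="3">192.0.2.10</Client-IP-Address><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">16</Reason-Code></Event>
<Event><Timestamp data_type="4">01/15/2024 09:12:30.000</Timestamp><User-Name data_type="1">bob</User-Name><Client-IP-Address data_type="3">192.0.2.20</Client-IP-Address><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">01/15/2024 09:12:30.040</Timestamp><User-Name data_type="1">bob</User-Name><Client-IP-Address data_type="3">192.0.2.20</Client-IP-Address><Packet-Type data_type="0">2</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">01/15/2024 09:13
"""


def summarize(log_text):
    """Group NPS log records by RADIUS client IP and count requests and responses."""
    clients, unparsed = {}, 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            event = ET.fromstring(line)
        except ET.ParseError:
            unparsed += 1  # truncated or partially written record
            continue
        ip = event.findtext("Client-IP-Address", default="unknown")
        entry = clients.setdefault(ip, {"requests": 0, "accepts": 0, "rejects": []})
        packet_type = event.findtext("Packet-Type")
        if packet_type == "1":
            entry["requests"] += 1
        elif packet_type == "2":
            entry["accepts"] += 1
        elif packet_type == "3":
            # Keep the user and the reason code NPS logged for the reject.
            entry["rejects"].append(
                (event.findtext("User-Name"), event.findtext("Reason-Code")))
    return {"clients": clients, "unparsed": unparsed}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip, entry in result["clients"].items():
        print(ip, entry)
    print("unparsed records:", result["unparsed"])
```

If the address the MX sends from does not appear under `clients` at all, the request never reached NPS, and the place to look is the path between the two rather than the policy.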
Thanks, I will look at that.
Right now nothing works.
I can't even connect with Cloud Authentication.
Have set this up a few times before but this setup is haunted by evil spirits or something.
Maybe it is my clients that are the problem.
But I can connect to other Meraki VPN.
Need to start over and verify every step.
You don't say which RADIUS server you are using - but it is the RADIUS server denying the user, so you have to look at the RADIUS server logs to determine why it is doing this.
If you are using Microsoft NPS, go to the security log and filter on event IDs 6272, 6273. 6273 will contain the deny. Look at the reason it is giving.
Hi!
We have Windows Server 2016 and MS Network Policy Server installed.
All ports are for now opened, in and out.
The network consists of one hub and multiple spokes.
This MX is a spoke.
All MX have a VPN connection to our servercloud where the Network Policy Server is.
It's a VMware Edge, so Non-Meraki Site to Site VPN.
There are no event logs with those event IDs on the Policy Server.
The MX can ping the Policy Server both on LAN and on Internet.