Microsoft PEAP RADIUS Shared Secret Error

Wi-Fi Signal logo

Wi-Fi Signal (Photo credit: Wikipedia)

If your RADIUS shared secret does not match on the Wireless Access Point (WAP) and Microsoft RADIUS Server, you will get a confusing error message that doesn’t clearly indicate the pass-phrase mis-match. Your RADIUS Events will be listed in Server Manager under the Network Policy and Access Services (NPAS) Events list. You can update the shared secret on the server for each client under Network Policy Server (NPS) – RADIUS Clients and Servers – RADIUS Clients. Each pass-phrase will need to match the one your configure on your wireless hardware that will be authenticating with WPA2-Enterprise (Microsoft PEAP, or other authentication method). An example error message follows:

Source: NPS, Event ID: 18, Level: Error, Message: An Access-Request message was received from RADIUS client with a Message-Authenticator attribute that is not valid. (Fake IP was used for this example)

If you encounter this problem, double and triple check that the passwords match – usually by re-typing them in both the RADIUS server and client wireless hardware. For good measure I recommend rebooting the wireless hardware and re-starting the NPS RADIUS service to make sure they’re using the updated pass-phrases.

There is a related discussion of this error on the Windows Server Forums: NPS Error code 18 ( The solution for the Original Poster was the one I needed as well.


About notesbytom

Keeping technology notes on to free up my mind to solve new problems rather than figuring out the same ones repeatedly :-).
This entry was posted in Networking, System Administration and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s