Asked By NVVN
20-Nov-09 12:46 AM
Hi :)
I am trying to set up two RRAS (are in same site) in NLB to use multiple
IAS (two IAS on two DC's at different sites for redunancy) on Win Svr
2003 R2.
I am confused about "queried in order from the highest to the lowest
score" value when setting up RADIUS authentication at RRAS.
For example if I setup that IAS1 have value 20 and IAS2 have value 30
does that mean that IAS1 will be first choosen for authentication
because have highest score (highest value). What here is highest score:
20 or 30 ? I think that highest score here is 20 because right now I
have situation that authentication is doing on IAS1.
Does that mean that RRAS will be always use IAS1 for authentication
untill IAS1 goes offline and RRAS than choose IAS2 ?
I do not like current situation because if link between sites goes down I
have RRAS on one side and IAS on other side of "river" :) and there will
be no authentication.
One more thing, I am also confused because I turn on settings "use
message authenticator attribute" at RRAS and also turn it on when
setting up IAS - RADIUS client but I have errors in event log:
Event ID: 17
An Access-Request message was received from RADIUS client RRAS2 without
a message authenticator attribute when a message authenticator attribute
is required. Verify the configuration of the RADIUS client in the
Internet Authentication Service snap-in (the "Client must always send
the message authenticator attribute in the request" checkbox) and the
configuration of the network access server.