Hello,

Had radius working fine for about 2 months, then all of a sudden no users can authenticate. Radius log shows:

[2009-05-05 08:52:20 AM] Access Rejected
10.212.149.4, user, Miscellaneous error (-1673)

Happens to all users. I've checked and rechecked passords and shared secrets, to no avail. Recreated the DAS and DAP and Login Policy, and user accounts. Can't think of any change to the server that preceded this issue. Can't really find any info on the nets regarding a -1673 radius error. Help!

Here's the raddbg output:

[2009-05-06 08:31:24 AM] Deleting file "sys:etc\radius\log\20090429.log", failed
[2009-05-06 08:31:24 AM] Parameter count = 1
[2009-05-06 08:31:24 AM] argv[0] = SYS:SYSTEM\RADIUS.NLM
[2009-05-06 08:31:24 AM] Tree Name = "<null>"
[2009-05-06 08:31:24 AM] Login Name = "<null>"
[2009-05-06 08:31:24 AM] Name = "<null>"
[2009-05-06 08:31:24 AM] Workers = 0
[2009-05-06 08:31:24 AM] Port = 0
[2009-05-06 08:31:24 AM] Error encountered = 0
[2009-05-06 08:31:24 AM] Checking if parameters are to be retrieved from Registry
[2009-05-06 08:31:24 AM] Got Tree Name from registry, "<null>"
[2009-05-06 08:31:24 AM] Got Login Name from registry, "<null>"
[2009-05-06 08:31:24 AM] Got Service Name from registry, "<null>"
[2009-05-06 08:31:24 AM] Got Number Threads from registry, 5
[2009-05-06 08:31:24 AM] Got Service Port from registry, 1645
[2009-05-06 08:31:24 AM] Got Accounting Port from registry, 1646
[2009-05-06 08:31:24 AM] Got Accounting Path from registry, "sys:\etc\radius\acct"
[2009-05-06 08:31:24 AM] Got Accounting File Format from registry, "comma"
[2009-05-06 08:31:24 AM] Got RollOver from registry, "daily"
[2009-05-06 08:31:24 AM] Services supported, [2009-05-06 08:31:24 AM] "authentication" [2009-05-06 08:31:24 AM] "accounting" [2009-05-06 08:31:24 AM]
[2009-05-06 08:31:24 AM] Got Accounting Attribute File from registry, sys:\etc\radius\radacct.atr
[2009-05-06 08:31:24 AM] Got Authentication Path from registry, sys:etc\radius
[2009-05-06 08:32:08 AM] Debug logging enabled to file sys:etc\radius\debug\raddbg.log
[2009-05-06 08:32:18 AM] 2) [(ip) 10.212.149.4:42507], Received 50 Bytes (Access-Request (1))
[2009-05-06 08:32:18 AM] [(total=2) (p=1) (d=0) (r=0) (acc=0) (rej=0)]
[2009-05-06 08:32:18 AM] <3> Done GetNextMessage [(ip) 10.212.149.4:42507]: time:469358
[2009-05-06 08:32:18 AM] -------- START : (Access-Request (1)) [(ip) 10.212.149.4:42507]: time:77417453---
[2009-05-06 08:32:18 AM] CACHE: CacheDomainListExist(das.border.mmwd), using cache
[2009-05-06 08:32:18 AM] AuthRequestHandler(), Calling RequestHandler.
[2009-05-06 08:32:18 AM] CACHE: CacheReadSecretForNASAddress(das.border.mmwd), using cache
[2009-05-06 08:32:18 AM] CACHE: CacheGetEnableCNLogin(das.border.mmwd), using cache
[2009-05-06 08:32:18 AM] CacheGetDNForName(user), Using cache
[2009-05-06 08:32:18 AM] (->)CacheGetDNForName:NWDSReadObjectInfo(user), succeeded, time:6
[2009-05-06 08:32:18 AM] userName: user
[2009-05-06 08:32:18 AM] userDN: user.RADIUS_Users.Border.mmwd
[2009-05-06 08:32:18 AM] (->)NDSVerifyAttr:NWDSRead(user.RADIUS_Users.Border. mmwd,RADIUS:Dial Access Group) succeeded, time:5
[2009-05-06 08:32:18 AM] User "user.RADIUS_Users.Border.mmwd", does not have "RADIUS:Dial Access Group" defined, trying parent "RADIUS_Users.Border.mmwd"
[2009-05-06 08:32:18 AM] (->)NWDSCompare:(RADIUS_Users.Border.mmwd) succeeded, time:5
[2009-05-06 08:32:18 AM] (->)NWDSRead(user.RADIUS_Users.Border.mmwd,RADIUS Enable Attr) failed, no such attribute (-603), time:5
[2009-05-06 08:32:18 AM] (->)User "user.RADIUS_Users.Border.mmwd", Looking in (RADIUS_Users.Border.mmwd) for (RADIUS:Enable Dial Access)
[2009-05-06 08:32:18 AM] (->)NWDSRead(RADIUS_Users.Border.mmwd,RADIUS Enable Attr) succeeded, time:5
[2009-05-06 08:32:18 AM] User Name: user, User DN: user.RADIUS_Users.Border.mmwd, Domain: , Service Tag:
[2009-05-06 08:32:18 AM] (->)NADMAuthRequest()
[2009-05-06 08:32:18 AM] (->)NADMAuthRequest(user.RADIUS_Users.Border.mmwd) failed, -1673 (0xfffff977), time:15
[2009-05-06 08:32:18 AM] (->)Authenticate (0 policy, NDS pswd) (for user.RADIUS_Users.Border.mmwd), failed, -1673 (0xfffff977)
[2009-05-06 08:32:18 AM] (->)Authentication FAILED
[2009-05-06 08:32:18 AM] ->Sending Access-Reject (3) [(ip) 10.212.149.4(42507)] count=20
[2009-05-06 08:32:18 AM] ->Inserting into RespQ , code(3) id(8).
[2009-05-06 08:32:18 AM] -------- END : (Access-Request (1)) [(ip) 10.212.149.4:42507]: time:77417508---

Has anyone seen this (-1673) error? Anything obvious in the raddbg log? Any ideas would be appreciated. Thanks!