When attempting to connect a host to a Certificate Enrolment Policy Server it worked but had the following complaint;
WARNING: The URI “https://{Host-Name}ADPolicyPRovice_CEP_{Method}/service.svc/CEP” was validated sucessfully but there was no friendly name returned by the remote machine.
Solution
On your certificate enrolment policy server, open the Internet Information Servers (IIS) Management console. Expand {Server-Name} > Sites > Default Web Site > ADPolicyProvider_CEP_Kerberos, (yours may not end with kerberos) > Application Settings.
Locate the Friendly Name section > Enter a descriptive name for your CEP portal > OK.
Step 2 Configure Windows 2012 Server to allow RADIUS
7. On the Windows 2008 Server > Launch Server Manager > Roles > Add Role.
8. If you get a welcome page > Next > Select Network Policy and Access Server > Next >Next.
9. Select ‘Network Policy Server’ > Next > Install.
10. Close, when complete.
11. Whilst still in Server Manager > Network Policy and Access Server > NPS (Local).
12. Register Server in Active Directory >OK > OK.
13. Expand RADIUS Clients and Servers > Right click RADIUS Clients > New.
14. Give the firewall a friendly name, (take note of what this is, you will need it again) > Specify its IP > Enter the shared secret you setup above (number 5) > OK.
15. Expand policies > right click ‘Connection Request Policies’ > New > Give the policy a name > Next.
16. Add a condition > Set the condition to ‘Client Friendly Name’ > Add.
17. Specify the name you set up above (number 14) > OK > Next > Next > Next.
18. Change the attribute to User-Name > Next > Finish.
19. Now right click ‘Network Policies’ > New > Give the policy a name> Next.
20. Add a condition > User Groups > Add.
21. Add in the AD security group you want to allow access to > OK > Next > Next.
22. Select ‘Unencrypted Authentication PAPSPAP” > Next > No > Next > Next > Finish.
Step 3 Test RADIUS Authentication
23. Back at the ASDM, in the same page you were in previously, select your server and then click ‘Test’.
24. Change the selection to Authentication > Enter your domain credentials > OK.
25. You are looking for a successful outcome.
Note: if it fails check there is physical connectivity between the two devices, the shared secrets match. Also ensure UDP ports 1645 and 1646 are not being blocked.
To Test AAA RADIUS Authentication from Command Line
[box]
test aaa-server authentication PNL-RADIUS host 172.16.254.223 username petelong password password123
[/box]
26. Finally, save the firewall changes > File > Save running configuration to flash.
Related Articles, References, Credits, or External Links