Share via


Event ID 21 — RADIUS Client Communication

Applies To: Windows Server 2008

Network Policy Server (NPS) exchanges RADIUS messages with RADIUS clients. RADIUS messages exchanged between NPS and RADIUS clients must comply with the RADIUS protocol specification or NPS might not be able to process connection requests.

Event Details

Product: Windows Operating System
ID: 21
Source: NPS
Version: 6.0
Symbolic Name: RADIUS_E_PACKET_OVERFLOW
Message: The response to RADIUS client %1 exceeds the maximum RADIUS message length of 4096 bytes.

Resolve

Fix RADIUS client communication issues

This condition can occur under the following circumstances:

  • The RADIUS client configuration is incorrect, and NPS received a RADIUS message that contains an authenticator that is not valid.
  • The RADIUS client needs to be updated because the size of a RADIUS message received from the RADIUS client exceeds the message size specified in the RADIUS protocol.

To perform this procedure, you must be a member of Domain Admins.

To change the RADIUS client configuration:

  1. Open the NPS Microsoft Management Console (MMC), and double-click RADIUS Clients and Servers.
  2. Click RADIUS Clients, and then locate and double-click the RADIUS client whose configuration you want to check. Confirm that the shared secret and IP address are correct.
  3. On the network access server, make sure the shared secret is the same as the one used in NPS.
  4. If the shared secret is the same, consult your network access server documentation to confirm that the network access server complies with RADIUS standards, as defined by the Internet Engineering Task Force (IETF). If it does not, contact the RADIUS client vendor and request a firmware or other update as needed, and then apply the update according to the vendor's documentation.

Verify

To verify RADIUS client communication:

  1. Use a network access client to connect to the network through the RADIUS client that previously sent RADIUS messages that contained an incorrect authenticator or whose message size exceeded the RADIUS protocol.
  2. The access client should be able to connect successfully to the network through the RADIUS client.

RADIUS Client Communication

Network Policy Server Infrastructure