Troubleshooting the failure of mschapV2 authentication for iMC-EIA at a certain site
- 0 Followed
- 0Collected ,1905Browsed
Network Topology
EIA 7.3E0505
Cooperate with AD domain controller for mschapV2 authentication
Problem Description
Using iMC-EIA with Microsoft AD for MSCHAPV2 authentication fails
Process Analysis
1) Analyze mschapv2 log. By analyzing ChapV2Jserver.log, the log has the following records:
From the log, we can see that EIA failed to connect to the AD server using smb.
(2) Check whether the SMB1 and SMB2 protocols of the LDAP server are enabled. The EIA7.3E0505 version only supports the SMB1 protocol. E0510 and subsequent versions begin to support both the SMB1 and SMB2 protocols. Check as follows:
<1>Log in to the LDAP server remote desktop
<2>Open Powershell and execute the Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol command. If the output is EnableSMB1Protocol is False, it means that the SMB1 protocol is not enabled.
<3>The method to enable SMB1 protocol is not yet available. Open PowerShell and execute Set-SmbServerConfiguration -EnableSMB1Protocol $true
<4> No need to restart the LDAP server
(3) After enabling the SMB1 protocol, the IMC needs to reacquire the SMB1 connection, so the IMC server needs to be restarted. If the server cannot be restarted as a whole, you can only restart the mschapv2 process.
Solution
(1) Enable SMB1 protocol
(2) Or upgrade EIA to 7.3E0510 and subsequent versions to support SMB2 protocol