A Microsoft Windows Network Policy Server (RADIUS) logs the System Error: “An Access-Request message was received from RADIUS client x.x.x.x with a Message-Authenticator attribute that is not valid.”

Problem

You notice that wireless clients authenticating with a wireless controller that uses a Microsoft Windows Network Policy server fails and the following error is logged:

Log Name: System
Source: NPS
Event ID: 18
Level: Error

An Access-Request message was received from RADIUS client 172.23.192.16 with a Message-Authenticator attribute that is not valid.

Solution

This error is typically caused by a shared secret mismatch between what is configured for the RADIUS client and the NPS server. Correcting the mismatch will remediate the issue and the following events will be logged on the NPS server:

Log Name: System
Source: NPS
Event ID: 4400
Level: Information

A LDAP connection with domain controller DC02.contoso.com for domain CONTOSO is established.