Event ID - 18

Event Id18
SourceNPS
DescriptionAn Access-Request message was received from RADIUS client %1 with a message authenticator attribute that is not valid.
Event Information According to Microsoft :
Resolution :
Fix the cause of the malformed RADIUS message
This condition can occur if the server running NPS receives one of the following from a RADIUS client:
1.A response that is a malformed message.
2.A response that contains an incorrect value in the Code field.
3.An Access-Request message that does not contain a Message-Authenticator attribute.
4.A response that contains a message authenticator that is not valid.
5. An Access-Request message that contains an Extensible Authentication Protocol (EAP) message, but no Message-Authenticator attribute.
6.A response with an attribute that exceeds the maximum RADIUS attribute length.
To perform this procedure, you must be a member of Domain Admins .
To fix the cause of the malformed RADIUS message:
1.Network corruption, latency, or other network problems unrelated to NPS might produce this condition. Wait a short while to confirm that the condition still exists. The problem might resolve itself.
2.Make sure that the remote RADIUS server configuration, including the IP address of the RADIUS client/proxy server and the shared secret configured on the server running NPS and on the RADIUS client, is accurate. To configure a RADIUS client:
a)Click Start, Administrative Tools, Network Policy Server . The NPS Microsoft Management Console (MMC) opens.
b) Double-click RADIUS Clients and Servers .
c) Click RADIUS Clients , and in the details pane, right-click the RADIUS client you want to configure.
d)Click Properties , and then change the configuration according to your requirements.
3.Make sure that the network access server is configured with the IP address of the server running NPS.
4.If these actions do not resolve the problem, contact the RADIUS server vendor to see if the remote RADIUS server complies with the RADIUS protocol specification.
Verify :
To verify that RADIUS messages are not malformed:
1.On the server running NPS, start an application that is used to capture network traffic and begin a capture.
2.On a computer that is configured according to network access policy to connect to the network, log on to the network with a valid user account and valid credentials through the RADIUS client that previously sent the malformed message.
3.On the server running NPS, stop the network traffic capture, and then confirm that the structure of the messages presented to the RADIUS server by the RADIUS client is correct.
Reference LinksEvent ID 18 from Source NPS

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.