Authentication failed due to an EAP session timeout; the EAP session with the access client was incomplete.
12/20/2019 9 15220
While authenticating with a Radius server via SonicPoint, the radius server is rejecting the request:
If we check the logs under Event Viewer | Windows Logs | Security we see the Audit failure is there and shows: "Authentication failed due to an EAP session timeout; the EAP session with the access client was incomplete".
EAP payload size is large and other reason can be if the wireless device was connected with a very poor signal strength which prevented the full EAP communication from taking place
Configure the Framed-MTU Attribute
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
Use this procedure to lower the maximum EAP payload size by using the Framed-MTU attribute in an NPS network policy. You can lower the EAP payload size by configuring the Framed-MTU attribute in network policy settings properties in the NPS console
Administrative credentials. To complete this procedure, you must be a member of the Administrators group.
To configure the Framed-MTU attribute
Click Start, click Administrative Tools, and then click Network Policy Server. The NPS console opens.
Double-click Policies, click Network Policies, and then in the details pane double-click the policy that you want to configure.
In the policy Properties dialog box, click the Settings tab.
In Settings, in RADIUS Attributes, click Standard. In the details pane, click Add. The Add Standard RADIUS Attribute dialog box opens.
In Attributes, scroll down to and click Framed-MTU, and then click Add. The Attribute Information dialog box opens.
In Attribute Value, type a value equal to or less than 1344. Click OK, click Close, and then click OK.
Secure Wireless>SonicPoint Series>WPA2 with Radius Authentication