Authentication failed due to an EAP session timeout; the EAP session with the access client was incomplete.
12/20/2019 8 12148
While authenticating with a Radius server via SonicPoint, the radius server is rejecting the request:
If we check the logs under Event Viewer | Windows Logs | Security we see the Audit failure is there and shows: "Authentication failed due to an EAP session timeout; the EAP session with the access client was incomplete".
EAP payload size is large and other reason can be if the wireless device was connected with a very poor signal strength which prevented the full EAP communication from taking place
Configure the Framed-MTU Attribute
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
Use this procedure to lower the maximum EAP payload size by using the Framed-MTU attribute in an NPS network policy. You can lower the EAP payload size by configuring the Framed-MTU attribute in network policy settings properties in the NPS console
Administrative credentials. To complete this procedure, you must be a member of the Administrators group.
To configure the Framed-MTU attribute
- Click Start, click Administrative Tools, and then click Network Policy Server. The NPS console opens.
- Double-click Policies, click Network Policies, and then in the details pane double-click the policy that you want to configure.
- In the policy Properties dialog box, click the Settings tab.
- In Settings, in RADIUS Attributes, click Standard. In the details pane, click Add. The Add Standard RADIUS Attribute dialog box opens.
- In Attributes, scroll down to and click Framed-MTU, and then click Add. The Attribute Information dialog box opens.
- In Attribute Value, type a value equal to or less than 1344. Click OK, click Close, and then click OK.