PASSED | network / radius_auth_server_down

RADIUS Authentication Server Down — Network Access Blocked

Both RADIUS servers (backed by Active Directory) become unreachable after an AD domain controller crash. All 802.1X network authentication fails, preventing users from connecting to wired and wireless networks. Existing sessions remain active but no new authentications succeed.

Pattern: ACTIVE_DIRECTORY
Severity: CRITICAL
Confidence: 92%
Remediation: Remote Hands

Test Results

Metric | Expected | Actual | Result
Pattern Recognition | ACTIVE_DIRECTORY | ACTIVE_DIRECTORY
Severity Assessment | CRITICAL | CRITICAL
Incident Correlation | Yes | 42 linked
Cascade Escalation | Yes | Yes
Remediation | Remote Hands — Corax contacts on-site support via call, email, or API

Scenario Conditions

Two NPS RADIUS servers on domain controllers. Primary DC crashed (blue screen). Secondary DC overwhelmed with auth requests. 802.1X on all access ports and WiFi. 500+ users unable to authenticate. Guest VLAN fallback disabled.

Injected Error Messages (3)

RADIUS authentication failing — NPS service on DC-01 unreachable, active directory domain controller DC-01 crashed with BSOD, RADIUS requests timing out, 802.1X supplicants receiving Access-Reject, all new wired connections failing
Secondary RADIUS overwhelmed — active directory authentication backlog on DC-02, NPS processing queue depth: 2000+, RADIUS response time: 30s (threshold: 3s), intermittent Access-Reject responses
Wireless 802.1X authentication failing — WLC unable to reach active directory RADIUS servers, all new WiFi connections rejected, EAP-TLS handshake timing out, 300+ wireless users unable to connect

Neural Engine Root Cause Analysis

The Active Directory domain controller DC-01 has crashed with a Blue Screen of Death (BSOD), causing the Network Policy Server (NPS) service to become unreachable. This system failure has cascaded to disable RADIUS authentication for 802.1X network access control, preventing new wired connections from authenticating successfully. The 16 correlated incidents within the same time window strongly suggest this DC failure is impacting multiple dependent services across the infrastructure.

Remediation Plan

1. Immediately attempt to restart/reboot DC-01 server to recover from BSOD state.
2. Verify Active Directory services come online properly after reboot.
3. Confirm NPS service starts automatically and is responsive on port 1812.
4. Test RADIUS authentication with a sample 802.1X client to verify full functionality.
5. Monitor for additional BSOD events and review Windows Event Logs/crash dumps to identify underlying hardware or software cause.
6. Consider failing over to secondary domain controller if available while investigating root cause of BSOD.

Tested: 2026-03-30 | Monitors: 3 | Incidents: 3 | Test ID: cmncjpsbi03loobqexyzsu5xj