Had a funny issue raised from the helpdesk today. All of a sudden all of our wireless users were no longer able to connect to the internal wifi network that was protected by 802.11x PEAP via Meraki -> RADIUS -> NPS (Network Policy Server) -> Active Directory.
We had errors like this:
“Network Policy Server discarded the request for a user.”
“An internal error occurred. Check the system event log for additional information.”
And of course the logs at c:\windows\system32\logfiles had nothing of value in them.
Another thing was that Event Logging from NPS stopped although the service was still running.
It turns out it was just because the certificate NPS uses was renewed automatically thanks to GPO / AD. NPS doesn’t handle the transition well.
All you have to do is change the certificate to another certificate and back to the one that was auto-renewed. If you only have one, then create another, change it to that, then swap back to the correct auto-renewed one.
If you don’t know where to select it, it is under Policies -> Network Policies -> <your policy that grants users access> -> Constraints tab -> Authentication Mode -> Microsoft: Protected EAP (PEAP) [EDIT]
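To see whether an auto-renewal has just happened on the NPS server, the following added example (not part of the original post) lists the Server Authentication certificates in the computer's Personal store and flags any whose newest copy was issued recently. The 14-day window and the function name `Test-ServerAuth` are assumptions for illustration, and the script does not read the NPS policy itself: compare the reported thumbprint with the certificate selected in the PEAP properties.

```powershell
# Added example: spot recently renewed server certificates on an NPS host.
# Requires PowerShell 3.0 or later. Run in an elevated session on the NPS server.

$RecentDays    = 14                     # assumption: what counts as "recently renewed"
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'    # Server Authentication EKU

function Test-ServerAuth {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # A certificate with no EKU extension is valid for all purposes.
    if (-not $eku) { return $true }
    return ($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $ServerAuthOid
}

$cutoff = (Get-Date).AddDays(-$RecentDays)

Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { Test-ServerAuth $_ } |
    Group-Object -Property Subject |
    ForEach-Object {
        # Newest certificate first; older ones with the same subject are
        # usually the copies that auto-enrollment has superseded.
        $sorted = @($_.Group | Sort-Object -Property NotBefore -Descending)
        $newest = $sorted[0]
        [pscustomobject]@{
            Subject          = $newest.Subject
            NewestThumbprint = $newest.Thumbprint
            Issued           = $newest.NotBefore
            Expires          = $newest.NotAfter
            HasPrivateKey    = $newest.HasPrivateKey
            OlderCopies      = $sorted.Count - 1
            RecentlyRenewed  = ($newest.NotBefore -gt $cutoff)
        }
    } |
    Sort-Object -Property Issued -Descending |
    Format-Table -AutoSize
```

A row with `RecentlyRenewed` set to True and `OlderCopies` above zero at the time authentication stopped points to the renewal described above.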
One Reply to “Windows NPS Stops Authenticating Wireless Users”
I had set up CA on a Windows 2008 Server R2 with NPS as a RADIUS server. Kept getting Internal Error 610. After spending several days with MS when wireless clients could not connect, MS suggested changing the cert that the NPS Network policy points to for EAP from the Root Cert to the Client Cert that was on the NPS server and voila! It began working. For some reason the Enterprise root cert is supposed to be an all-purpose cert but NPS throws a SCHANNEL error. Try using the client cert on the NPS server “Personal” store. If you don't have one, generate one and use it. When you are in the Network Policy in “Constraints” select “EAP” Edit and you should have a drop down showing both the Enterprise Root and the client cert for this NPS server. Choose the client cert and restart NPS and test.