Windows NPS Stops Authenticating Wireless Users

Had a funny issue raised from the helpdesk today. All of a sudden all of our wireless users were no longer able to connect to the internal Wi-Fi network that was protected by 802.1X PEAP via Meraki -> RADIUS -> NPS (Network Policy Server) -> Active Directory.

We had errors like this:

“Network Policy Server discarded the request for a user.”

“An internal error occurred. Check the system event log for additional information.”

And of course the logs at c:\windows\system32\logfiles had nothing of value in them.

Another thing was that Event Logging from NPS stopped although the service was still running.

CAUSE:

It turns out it was just because the certificate NPS uses was renewed automatically thanks to GPO / AD. NPS doesn’t handle the transition well.

FIX:

All you have to do is change the certificate to another certificate and back to the one that was auto-renewed. If you only have one, create another, change to that, then swap back to the correct auto-renewed one.

If you don’t know where to select it, it is under Policies -> Network Policies -> <your policy that grants users access> -> Constraints tab -> Authentication Mode -> Microsoft: Protected EAP (PEAP) [EDIT]
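
To check whether a server is in the state described under CAUSE, the following added example (not part of the original post) lists Server Authentication certificates in the machine store and compares their issue time with the last NPS audit event. The 14-day window and the use of Security-log event IDs 6272, 6273 and 6274 for NPS are assumptions to adjust for your environment.

```powershell
# Added example. Run in an elevated PowerShell session on the NPS server.
$lookbackDays  = 14                     # assumption: window covering the outage
$serverAuthOid = '1.3.6.1.5.5.7.3.1'    # Server Authentication EKU
$since         = (Get-Date).AddDays(-$lookbackDays)

# Server Authentication certificates with a private key in the machine store.
$candidates = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        ($_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid)
    }

# Newest NPS audit event in the Security log (6272 granted, 6273 denied,
# 6274 discarded). If NPS logging stalled, this is when it went quiet.
$lastNpsEvent = Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 6272, 6273, 6274
    } -MaxEvents 1 -ErrorAction SilentlyContinue

$candidates | Sort-Object NotBefore -Descending | ForEach-Object {
    [pscustomobject]@{
        Subject        = $_.Subject
        Thumbprint     = $_.Thumbprint
        NotBefore      = $_.NotBefore
        NotAfter       = $_.NotAfter
        IssuedRecently = $_.NotBefore -gt $since
        # True when NPS has logged nothing since this certificate was issued.
        NpsQuietSince  = ($null -eq $lastNpsEvent) -or
                         ($lastNpsEvent.TimeCreated -lt $_.NotBefore)
    }
} | Format-Table -AutoSize
```

A row with both IssuedRecently and NpsQuietSince set to True matches the symptom above: a freshly renewed certificate and no NPS events since it was issued.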
