Good morning everyone. I am hoping by sharing this here some of your brilliant minds can help me solve an issue we are facing. I am configuring 802.1x/DOT1X on Server 2016 using Network Policy Server (NPS). I have the NPS constraints and settings configured
properly. Frames should originate from a wired connection and users should be members of the "Domain Users" group.
On the Authentication Client I am using a Cisco 2960 with the latest commands...
! global prerequisites for the lines below (assumed, not shown in the original post)
aaa new-model
dot1x system-auth-control
! RADIUS server definition: NPS on 1812/1813; the key must match the RADIUS client entry on NPS
radius server NPS
 address ipv4 192.168.1.1 auth-port 1812 acct-port 1813
 key cisco
! server group that the dot1x method list refers to
aaa group server radius NPS-group
 server name NPS
! send 802.1X authentication requests to that group
aaa authentication dot1x default group NPS-group
I have also enabled authentication open, port-control auto, and pae authenticator on appropriate ports. The server is on a virtual machine using an external switch. When I use a protocol analyzer I can see the "Radius-Request" and "Radius-Challenge"
on the server side. On the host I see the EAP connection, client hello, TLS 1.2 handshake, and then it drops and requests identity again. I have tested fixes such as creating a DWORD reg value Tlssetting that forced TLS 1.0, then 1.1, and 1.2, still no luck. Also,
the DC and NPS are on different virtual machines. I even tried creating the reg value which disabled client side cert validation. Anyone have a similar issue?
In a lab environment using a physical server where the AD/DS and NPS reside together it works with no issues.
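The symptom described above (TLS handshake starts, then NPS drops it and asks for identity again) is typically logged on the NPS side as a denied request with a reason code, and usually comes down to the server certificate NPS presents or the TLS version it is allowed to negotiate. The following PowerShell script is an added diagnostic example, not code from the original post or from Microsoft; it is run on the NPS server in an elevated session and checks the three things a practitioner looks at first. The registry value name TlsVersion under RasMan\PPP\EAP\13 is assumed to be the EAP TLS override the post refers to as "Tlssetting"; the event IDs 6272/6273 require the "Network Policy Server" audit subcategory to be enabled.

```powershell
# Added diagnostic example for NPS 802.1X/EAP-TLS failures (not from the original post).
# Run in an elevated PowerShell session on the NPS server.

# 1. Which certificates could NPS present to the supplicant?
#    Requirements: LocalMachine\My store, private key present,
#    Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1).
function Get-NpsServerCertificate {
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object {
            $_.HasPrivateKey -and
            ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq '1.3.6.1.5.5.7.3.1' })
        }
}

$candidates = @(Get-NpsServerCertificate)
if ($candidates.Count -eq 0) {
    Write-Warning 'No certificate with a private key and Server Authentication EKU in LocalMachine\My; NPS cannot complete the TLS handshake.'
}
foreach ($cert in $candidates) {
    # Test-Certificate builds the chain on this machine. The supplicant must trust the
    # same root (Trusted Root store on the client) or it aborts after ServerHello,
    # which shows up as the handshake dropping and an EAP identity re-request.
    $chainOk = Test-Certificate -Cert $cert -Policy SSL -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        NotAfter   = $cert.NotAfter
        ChainOk    = [bool]$chainOk
        Thumbprint = $cert.Thumbprint
    }
}

# 2. TLS version overrides that affect EAP. Assumed value name: TlsVersion under the
#    EAP-TLS method key (EAP type 13). Absent means "OS default".
$eapTlsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13'
$tlsOverride = Get-ItemProperty -Path $eapTlsKey -Name TlsVersion -ErrorAction SilentlyContinue
if ($tlsOverride) {
    Write-Output ("EAP TlsVersion override present: 0x{0:X}" -f $tlsOverride.TlsVersion)
} else {
    Write-Output 'No EAP TlsVersion override; OS default TLS versions apply.'
}

# Schannel protocol toggles: a disabled server-side protocol that the client insists on
# produces the same handshake drop.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
Get-ChildItem -Path $schannel -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Protocol          = $_.PSPath -replace '.*Protocols\\', ''
            Enabled           = $p.Enabled
            DisabledByDefault = $p.DisabledByDefault
        }
    }

# 3. NPS audit events: 6273 = access denied (carries Reason Code), 6272 = access granted.
#    Enable auditing first if the query returns nothing:
#    auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
function Get-NpsDeniedReason {
    param([int]$Hours = 24, [int]$Max = 20)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6273; StartTime = (Get-Date).AddHours(-$Hours) } `
                 -MaxEvents $Max -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lines = $_.Message -split "`r?`n"
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Details = ($lines | Where-Object { $_ -match '^\s*(Reason Code|Reason|Authentication Type|Calling Station Identifier):' } |
                           ForEach-Object { $_.Trim() }) -join '; '
            }
        }
}

Get-NpsDeniedReason | Format-Table -AutoSize -Wrap
```

Read the output in order: if no candidate certificate appears, or ChainOk is false, the handshake cannot succeed regardless of TLS version settings; if a certificate is fine, the Reason Code from event 6273 names the actual failing check (certificate, policy match, or credentials), which narrows the difference between the working lab box and the split DC/NPS virtual machines.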