Hi All,
I'm trying to set up certificate-based authentication for NPS in a Server 2012 R2 environment. I'm currently stuck on an issue where I keep getting Reason code 295 (indicating that a CA in the chain is not trusted). However, I've checked the computer and service account to ensure that both the Root CA and Intermediate CA are in the appropriate trust store, so I cannot for the life of me figure out why there would be a trust issue.
I have also verified that my user certificate is properly published in Active Directory and that my client (which is not domain joined) trusts both the root and intermediate CAs.
The RAS server is using a commercial wildcard certificate for SSTP connections (we only have SSTP enabled), which is working fine with user/password authentication. In the advanced certificate authentication settings, we're using a certificate issued by the internal CA.
Any ideas why the server wouldn't trust a certificate that's in the trust store?
Thanks!