EAP-TLS with User Certificate Authentication

  • Question

  • I have set up an NPS server and PKI infrastructure. We are attempting to authenticate using EAP-TLS with certificates.

    Our Network Policy is set up in the constraints to use Smartcard or Certificate. The policy points to our Sub CA certificate.

    We have set up 802.1x on our WAP, which looks to the NPS server for authentication.

    I log on to the Windows 7 laptop, connect to the network and retrieve a user certificate with Client Authentication. After that I set up the wireless profile and attempt to connect. It prompts me to select the user certificate previously added to mmc. I get the following event in the laptop security events.

    Below is the security event error from the PC.

    Subject:
          Security ID:            username@domainname
          Account Name:            USERNAME
          Account Domain:            DOMAINANME
          Logon ID:            0xa0dcf

    Network Information:
          Name (SSID):            EAP-TLS
          Interface GUID:            {f1d2f46b-8748-47ff-872f-02920fc14dbc}
          Local MAC Address:      70:F3:95:E1:75:8E
          Peer MAC Address:      B4:E9:B0:E5:2C:33

    Additional Information:
          Reason Code:            Explicit Eap failure received (0x50005)
          Error Code:            0x40420110
          EAP Reason Code:      0x40420110
          EAP Root Cause String:      Network authentication failed due to a problem with the user account

    NPS server simply shows error 22 in the logs.

    Thursday, September 20, 2018 8:06 PM
