NPS + TLS + Authentication Denied

  • Question

  • Hi,

    We are using CISCO WLC/LAP/NPS & intermittently facing a connectivity issue after we changed NPS authentication from CHAP to TLS. We are using "Smart card or other certificate", whereas on the client side we have both user certificate & computer certificate installed. The strange part is that sometimes the user is able to connect & sometimes it's showing "Attempting to authenticate". WLC is showing "Authentication request denied" & NPS is not showing any log. We are unable to trace where exactly it's denying the authentication request.

    Dhiraj

    Tuesday, July 24, 2012 7:59 AM

All replies

  • Hi Dhiraj,

    Thanks for posting here.

    >& sometime it's showing "Attempting to authenticate". WLC showing Authentication request denied & NPS is not showing any log.

    What OS is running on the clients that were affected by this issue? You mentioned that we are using the TLS method in the wireless connection, so I guess that is PEAP-EAP-TLS. Are we using a self-issued certificate or one purchased from a third party? How many certificates have been installed on the client side? Have we also set any connection request policy on the NPS server?

    As a workaround, could we first deselect the option “enabled fast reconnect” in PEAP properties in the wireless profile on the client and see if we can reproduce it.

    Thanks.

    Tiger Li

    TechNet Community Support

    • Proposed as answer by DushYant P Friday, July 27, 2012 5:05 AM
    Wednesday, July 25, 2012 8:19 AM
  • Hi Tiger Li,

    Thanks for your response.
    This issue is not for a specific OS & is seen on (Vista/7). Yes, earlier it was PEAP & now we changed it to TLS. We are using self-signed certificates. On the client side we have the below certificates installed.

    User account Certificate
    Computer account Certificate
    Global Cert
    Intermediate Cert

    Yes, on the Network policy of NPS we have selected "Microsoft : Smart card or any other certificate" in EAP type.

    Dhiraj

    Wednesday, July 25, 2012 8:59 AM
  • Hi,

    Please try to uncheck the "Validate server certificate" option on the client to see if the issue could be resolved.

    Best Regards

    Scott Xie

    Thursday, July 26, 2012 8:26 AM