none
NPS non joined domain clients cant authenticate

    Question

  • Hello

    I've got a problem getting non domain joined clients to join a 801.1x WLAN which is configured to use Smartcard or other certificates.

    I've created user certificates for authentication of apple devices. I've already worked through the following threads

     https://social.technet.microsoft.com/Forums/sharepoint/en-US/d51b56b1-6d1d-4e4f-9888-9cb3a2ad27dc/nondomain-computer-certificate-authentication-in-nps?forum=winserverNAP

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/aeff7687-62f4-4e58-9d96-14c316179339/how-can-i-configure-radius-to-allow-a-nonwindows-device-to-authenticate-with-a-certificate?forum=winserverNIS

    https://blogs.technet.microsoft.com/pki/2012/02/27/connecting-ipads-to-an-enterprise-wireless-802-1x-network-using-certificates-and-network-device-enrollment-services-ndes/

    But I dont seem to be able to get it working.

    For the devices I want to connect, I've created AD User Accounts. I then created a certificate from a modified user certificate template. On the CN i put the logon name, and on SAN UPN=<useraccount>@domain.local. I've exported the cert with and without private key. The on with private key is installed at the mobile device along with the CA certificate. The one without private key is mapped to the AD user Account.

    Anyway, it isnt working. In the NPS logs I can see its using the NPS policies I've created, but its alsways throwing "An internal error occurred. Check the system event log for additional information"  Reason Code is 1.

    I've already activated verbose logging at the NPS but it didnt help so far. Does anyone of you have a hint, what could be going wrong?

    Thanks in advance

    Friday, June 8, 2018 8:24 AM

Answers

  • Hello

    It works now. I've installed the NPS Role on another Server and set it up like the first one. Works flawlessly.

    • Marked as answer by ben2506 Friday, June 8, 2018 12:53 PM
    Friday, June 8, 2018 12:53 PM