none
Windows 7 Clients wireless authentication failure with SHA 256 Kerberos Key

    Pregunta

  • Is there a known issue with using SHA256 certificates with NPS Server?

    We swapped our SHA1 keys and only Win7 clients could not connect.  Phones and Win10 systems had no issues.


    David Jenkins

    martes, 7 de marzo de 2017 14:54

Respuestas

Todas las respuestas

  • Hi David,

    Is the SHA256 certificate issued by CA server, or it is a self-signed certificate? If it is issued by the CA server, please check if the clients stores the trusted root certificate, if it is a self-signed certificate, please check if client trust the certificate.

    If there are old certificates stored on client side, please delete the old certificates, check if it could help.

    If the above suggestion doesn't work, please check the detailed event log when clients unable to connect to wifi, please check the NPS log for the detailed reason of the failure.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    jueves, 9 de marzo de 2017 7:28
    Moderador
  • Hi David,

    Just to check if the above reply could be of help? If yes, you may mark useful reply as answer, if not, weclcome to feedback.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    lunes, 13 de marzo de 2017 8:47
    Moderador
  • guys, any answer to this? I have the same issue. I'm working on a three tier PKI infra and it works in windows 10 but not in windows 7 

    viernes, 7 de julio de 2017 21:01
  • I dropped the ball on responding to this some time back. 

    I ended up having to keep using my old CA's for now. 


    David Jenkins

    lunes, 10 de julio de 2017 14:17
  • Hi David,

    I have the same dilemma with you.

    Issue: Clients using Windows 7 cannot connect to our Current SSID but Windows 10 users can connect. Using the old SHA1 certificate, both Windows 7 and 10 users can connect. Windows 7 machines are saying "a certificate is required to connect to <SSID>". even though the certificate is already installed.

    Changing the Authentication from "User" to "Machine" Authentication, the windows 7 laptop responds and attempts to connect on our radius server (Cisco ACS). 


    • Editado avarixia martes, 18 de julio de 2017 13:22
    martes, 18 de julio de 2017 13:21
  • We are currently having this issue and was wondering what the solution was for everyone.  Our internal CA is now using SHA256 and none of our Windows 7 laptops can connect to wireless.  Been fighting this for 3 days now and tired of upgrading to Windows 10......
    viernes, 8 de junio de 2018 14:22
  • Wow, hadn't looked back for a while at this.  I have two CA's now so I can support the different encryptions.  Just seemed to be the easiest way.

    David Jenkins

    martes, 12 de junio de 2018 20:41