none
Remote NPS Server will not Authenticate Computer RRS feed

  • Question

  • I'm trying to setup NPS for WPA2 Enterprise Wi-Fi machine authentication (with PEAP) for our company with 5 offices that are connected with a site-to-site VPN. Each office is on the same domain but on different subnets and we are using Meraki WAPs. I set up 3 NPS servers (Server 2019) (each in a different city) and pushed out the WiFi profile via group policy to a few test machines. In our main office I was able to successfully authenticate and connect to the SSID. My next step in testing this setup was to disable the NPS server in the main city to test if the NPS servers in the other cities would take over. With the main NPS server down, I tried to connect the laptop to the SSID and it would not connect. The remote NPS server refused the authentication.
         Reason Code: 16
         Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

    The NPS servers are not in a RADIUS group and I have not set up any RADIUS proxies. I also removed all NPS servers from the equation except for one remote NP server. I'm trying to keep it simple till i can narrow down the issue. Any recommendations or guidance would greatly be appreciated!
    Tuesday, June 9, 2020 10:53 PM

All replies

  • Hi,

    Please check if your access point has the function to configure NPS server list. 

    If yes, you need to add all the 3 NPS servers to the list. Otherwise the other two servers will not work if you disable the NPS server in the main city.

    Best Regards,
    Candy Luo

    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   

    Thursday, June 11, 2020 9:39 AM
    Moderator
  • Yes the Meraki access points have a maximum of 3 RADIUS servers. I had all 3 of our NPS servers listed in the initial setup. Later I removed all NPS servers from that list except for 1 NPS server located in a remote office. In this configuration, the NPS server receives the authentication request but denies it (see in the original post, it lists the event log message). I can't figure out why it is denying it.
    Thursday, June 11, 2020 11:49 AM