locked
WLAN WPA2 Enterprise - Certificate Message - No AutoConnect RRS feed

  • Question

  • We use a Windows 2012 R2 member server as a Radius Server for WLAN-Authentication.

    On all Windows 8.1 Enterprise x64 and Windows 10 Enterprise x64 clients we receive a certificate message when we connect to our WPA2 Enterprise WLAN. After we click "Connect", the connection is established and ok but the following message appears at every reconnect. The message text is: "Continue connecting? If you expect to find [SSID-Name] in this Location, go ahead and connect. Otherwise, it may be a different Network with the same Name"

    Auto connect is not possible anymore because of this message interruption. 

    Windows 7 Enterprise x64 clients are not affected. 

    We use a self signed cert for WLAN encryption which is installed on all clients.

    We run a domain network with client/user authentication. 

    How do we either make this notification go away or suppress it to enable proper auto-connect?


    Saturday, June 4, 2016 12:00 PM

Answers

  • After a few weeks of pondering this issue, we eventually resolved it by thinking about what the error message was telling us. We went into Network Policy Server on the RADIUS server and delved into the wireless policy, constraints and then authentication methods. We found the RADIUS server was using a different SSL cert than the one published to wifi clients. Once this was corrected, the error immediately went away and clients were once again auto connecting using our self issued cert. 
    • Marked as answer by MartynHudson Tuesday, June 7, 2016 4:50 PM
    Tuesday, June 7, 2016 4:50 PM

All replies

  • Hi,

    Due to limited condition, I can’t test for you, from my survey, we could try add the network manually to see the result.

    1.In Wi-Fi settings menu tap advanced

    2.Type in the network SSID-Name and tap add

    3.Sign in with your credentials in the form outlined above and tap done.

    Besides, there is a documentation talks about this message, kindly refer to it for assistance.

    https://www.cedarville.edu/help/Wireless-Connection-to-CU-Secure

    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Regards


    Please mark the reply as an answer if you find it is helpful.

    If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Tuesday, June 7, 2016 2:13 AM
  • After a few weeks of pondering this issue, we eventually resolved it by thinking about what the error message was telling us. We went into Network Policy Server on the RADIUS server and delved into the wireless policy, constraints and then authentication methods. We found the RADIUS server was using a different SSL cert than the one published to wifi clients. Once this was corrected, the error immediately went away and clients were once again auto connecting using our self issued cert. 
    • Marked as answer by MartynHudson Tuesday, June 7, 2016 4:50 PM
    Tuesday, June 7, 2016 4:50 PM
  • Could you provide more detail information on how this resolved?

    I know I have a cert in Radius server / NPS under Constraints, where is the one published for wifi clients?

    Saturday, December 9, 2017 12:01 AM
  • Did you find any solution for this issue?
    Friday, January 12, 2018 5:33 AM
  • The solution is the marked answer above. 

    We had a GPO publishing the WiFi profile on client machines which said use certificate xxxx, but in the Network Policy Server settings no certificate was selected under authentication methods. This arose as we were a little hasty setting it up and clicking next next on the wizard once setting it up to secure wireless clients. 

    As soon as the certificate xxxx was selected, clients connected automatically without issue. 

    Friday, January 12, 2018 1:00 PM
  • Unfortunately, i couldn't find the location on NPS configuration edit again certificate. Because when i configure i already select certificate. But now i can't find the exact location re-appointed again.

    How can i find that ?

    Wednesday, January 17, 2018 6:39 AM
  • >>We found the RADIUS server was using a different SSL cert than the one published to wifi clients

    Could you provide more detail on this?  Where could I locate what cert the Radius server using?  In NPS, Wireless PEAP, Constraints, Authentication Mechods, PEAP, is this the client or server cert?

    In NPS, I pick a public cert and I also point the same public cert in GPO and I still have issue.
    • Edited by frankcchan Monday, March 5, 2018 10:23 PM
    Monday, March 5, 2018 7:54 PM
  • Wireless policy in NPS says use this ssl cert. BUT the GPO setting the profile on clients says use a different ssl cert. Two don't match thus no auto connect. 

    On the Server: Network Policy Server > Policies > Network Policies > Double click WiFi Policy Name in Centre Pane > Dialogue Box Opens > Constraints Tab > Authentication Methods > Click on EAP Types > Click Edit > Dialogue Box Opens > Check SSL Cert listed is the correct one and matches that used by your clients. They must match. 

    We use a self signed SSL cert. I believe this is the recommended route for this application. Double check your GPO is using the same cert. 

    Tuesday, March 6, 2018 7:31 PM
  • I got the first part (correctly assign SSL on NPS),  how could I check this SSL is what the client using?
    Wednesday, March 7, 2018 10:16 PM
  • Firstly, please advise:

    1. What OS are your clients running?

    2. Are you using a GPO to create the wireless profile connection on clients OR doing this on each manually?

    Wednesday, March 7, 2018 10:29 PM
  • Windows 10, I push the same SSL to Computer Conf > Windows Settings > Security Settings > Public Key Policies.

    I see the SSL in Client's Trusted Root.

    I still see the warning.

    Wednesday, March 7, 2018 11:15 PM
  • It´s the same here and it only started a few weeks ago. I thought the problem was our old Certificate with SHA-1 sig hash, so I upgraded it to SHA256. But it did not change anything. I think it started on the last patchday in February, but I´m not 100% sure.
    Wednesday, March 14, 2018 8:39 AM
  • How do I do this?
    Thursday, March 22, 2018 6:20 PM
  • It´s the same here and it only started a few weeks ago. I thought the problem was our old Certificate with SHA-1 sig hash, so I upgraded it to SHA256. But it did not change anything. I think it started on the last patchday in February, but I´m not 100% sure.
    We are having the exact same problem. We had issues with our WSUS server and needed to fix the storage before synchronizing again. After we did this, we began to notice the issue today after clients rebooted for updates.
    Wednesday, March 28, 2018 7:35 PM
  • I am experiencing the same issues. Nothing was changed in the infrastructure. I'm sure that these Windows 10 devices have received some updates that changed their behavior about this. However the problem is serious since after the computer restarts it won't reconnect to the network automatically - someone has to connect and confirm this message. There is an option in the WLAN profile properties in the GPO which Windows seems to ignore:

    Thursday, April 5, 2018 12:23 PM
  • Same issue here, no infrastructure changes and we have started seeing this warning message on some of our Windows 10 devices within the past few weeks (we have also recently released Windows updates via WSUS).

    Did you get any further with finding out the cause?

    Wednesday, April 25, 2018 8:44 AM
  • Just wanted to add to this thread a solution that we found to our specific issue. 

    On our DC, we went into the group policy that we were pushing out to clients  (Group Policy Management Editor > Computer Configuration > Policies > Windows Settings > Security Settings > Wireless Network (...)", and opened up the profile we had created.  We clicked on the profile name and clicked "Edit".  Then under the 'Security' tab on the next screen, next to Select a network authentication method: we clicked Properties.  What we discovered is that we had checked "Verify the server's identity by validating the certificate" (which is the correct option).  We also already had the "Connect to these servers" and in the box entered the FQDN of our NPS servers.  BUT, what we DID NOT have checked were the Root CA Servers that those NPS servers actually got their certificate from.  As soon as we put a checkmark next to the Root CA we were using, applied, and saved the GPO  (and ran gpudate on clients that had the issue) - the problem went away.  Weirdly, we discovered that in the "Notifications before connecting:" box, we couldn't chose anything other than "Tell user if the server name or root certificate isn't specified" -- which I thought was pretty weird as I'm pretty sure you're supposed to be able to turn that off.  Oh well. 

    Tuesday, May 22, 2018 3:34 PM
  • To change the value in the field  "Notifications before connecting" You need to go to it by pressing TAB, and then simply press the down or up arrow
    Monday, May 27, 2019 9:48 AM
  • Old post, but relevant today. I think you are focusing on the right area, GPO config. Of course, there are many variables, but this worked for me; I corrected the no auto connect by ‘removing’ the check box “Connect to these servers” and removing the NPS server’s name in there – Security, Properties. Using Computer authentication. RADIUS was already configured on the WAP and communicating with the server – no need to force the authentication twice in most situations. All computers started auto connecting Wi-Fi after making this change

    Sunday, June 28, 2020 4:52 PM