I have configured this multiple times before with no issue.
This time I experience som weird issues.
WLC gives this message RADIUS server xxx.xxx.xxx.xxx:1812 failed to respond to request (ID 17) for client XX:XX:XX:XX:XX:XX / user 'unknown'
NPS Logs has no entries.
Change the configuration to PEAP MSchap v2 and authentication works, but only for user authentication.
NPS logs for computer authentication tells me that the computer account is denied by default Network policy. which means that my Network policy is not triggered by the computer authetication request.
I have domain users OR domain computers under conditions.
When I create another Network policy and use Machine Groups with domain computers as condition, computer authentication works.
Change back to peap-tls, nothing works. No nps logs and RADIUS server xxx.xxx.xxx.xxx:1812 failed to respond to request (ID 17) for client XX:XX:XX:XX:XX:XX / user 'unknown' is back in WLC logs.
I'm thinking certificate issue here. But I have tripple verified all certificate settings and enrollment policies.
NPS server get certificate from a copy of RAS and IAS Server template, Users gets from a duplicate of Users template and computers gets from a duplicate of computers. All settings are from official technet guides and have worked fine several times before.
I cant wrap my head around why I need to specify a separate network policy with machine groups as condition to get computer authetication to work.
And why does not Certificate authentication work when all settings are exactly the same as another installation that is working just fine?
Are there any logs on the NPS server I can check for error messages which can give me some input on what is going wrong?
Have you called or placed a TAC with Cisco support for assistance? Usually with Cisco, your 24/7 Gold goes a long way and they'll take whatever time it takes to help resolve it, even configuring the NPS and other Windows side settings, server and clients.
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.