Windows NPS Stops Authenticating Wireless Users

Had a funny issue raised from the helpdesk today. All of a sudden all of our Wireless users were no longer to connect to the internal wifi network that was protected by 802.11x PEAP via Merkai -> RADIUS -> NPS (Network Policy Server) -> Active Directory.

We had errors like this:

“Network Policy Server discarded the request for a user.”

“An internal error occurred. Check the system event log for additional information.”

And of course the logs at c:\windows\system32\logfiles had nothing of value in them.

Another thing was that Event Logging from NPS stopped although the service was still running.

CAUSE:

It turns out it was just because the certificate NPS uses was renewed automatically thanks to GPO / AD. NPS doesn’t handle the transition well.

FIX:

All you have to do is change the certificate to another certificate and back to the one that was auto renewed. if you only have one then create another, change it to that, then swap back to the correct auto renewed on.

If you don’t know where to select it, it is under Policies -> Network Policies -> <your policy that grants users access) -> Constraints tab -> Authentication Mode -> Microsoft: Protected EAP (PEAP) [EDIT]

image

About these ads

Tags: , ,

About Eric

My name is Eric Weintraub. I am an IT Professional with over 12 years of real world experience. I currently work as a Senior IT Manager for a large software company that develops products for Information Technology workers. Professionally, I love what I do and it shows in my work. Personally, I enjoy technology as a whole. Enterprise Technology, Social Media, and Mobile technologies are all things I follow. I also love to play golf, go snowboarding, cook, love to eat, and read. Also big on photography, check out my recent photography at http://www.ericweintraubphotography.com and also Flickr: http://www.flickr.com/photos/ericweintraub/. As much as I don’t have a lot of free time, I always come across things that I believe could help others. I just wanted to be able to share what I find with others. Thanks for reading the blog, please setup a RSS feed and keep in touch! Eric Weintraub

One response to “Windows NPS Stops Authenticating Wireless Users”

  1. Jay says :

    I had setup CA on a Windows 2008 Server R2 with NPS as a RADIUS server.

    Kept getting Internal Error 610. After spending several days with MS when Wireless Clients could not connect,

    MS suggested changing the cert that the NPS Network policy points to for EAP from the Root Cert to the Client CERT that was on the NPS server and waalaa! It Began working. For some reason the Entrprise root Cert is supposed to be a all purpose cert but NPS throws a SCHANNELL error. Try using the client cert on the NPS server “Personal” store. If you dont have one generate one and use it. When you are in the Network Policy in “Constraints” select “EAP” Edit

    and you sshould have a drop down showing both the Enterprise Root and the client cert for this NPS server. Choose the client cert and restart NPS and test

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: