Hi guys,
maybe you are able to assist :)
We have a 2-tier PKI installed (Server 2012 root CA offline, issuing CA online) and a server having NPS, with a Cisco wireless controller in place as well. Computer certificates are deployed by policy; clients are Windows 7 and Windows 8 machines.
The goal is to have the clients access the internal WLAN only if they have a certificate (which they get only when domain joined and in the proper OU). Otherwise clients will get into the guest WLAN only.
So far so good - both clients get the needed certificates in the proper stores, but Win7 clients aren't able to connect. These clients produce an authentication error seen on the NPS server (they seem to be able to talk to the wireless controller though).
Error in NPS server's eventlog:
Authentication Details:
Connection Request Policy Name: Inernal WLAN Network connection request policy
Network Policy Name: Internal WLAN policy
Authentication Provider: Windows
Authentication Server: <NPS-Server-Name>
Authentication Type: EAP
EAP Type: Microsoft: Smart Card or other certificate
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
Any idea WHY Win 8 clients do work perfectly, but Win 7 don't?
What is rumored is that I'll need to set up NAP on NPS as well to make this work. We don't want remediation/compliance checks.
I doubt that this is true (it wasn't needed for 2008R2, but maybe this changed for 2012?)
Any help will be highly appreciated.
Regards,
Frank