We've had wireless access here for months using 802.1x authentication with Server 2008R2 & now Server 2012 running as the Radius server. Things were working properly until yesterday, February 5th. No one is able to connect to the our internal network using RADIUS authentication. The guest access SSID using WPA2/PSK is working just fine still.
I've checked that my certificates aren't expired. My CRP just checks for IEEE802 Wireless. The NP checks for IEEE802 wireless & membership in a global security group containing users allowed to authenticate.
When a user tries to connect, I get the following in the event viewer:
NAS: NAS IPv4 Address: 10.#.#.# NAS IPv6 Address: - NAS Identifier: hello NAS Port-Type: Wireless - IEEE 802.11 NAS Port: 0 RADIUS Client: Client Friendly Name: ##### Client IP Address: 10.#.#.# Authentication Details: Connection Request Policy Name: Use Windows authentication for all users Network Policy Name: - Authentication Provider: Windows Authentication Server: #### Authentication Type: EAP EAP Type: - Account Session Identifier: - Logging Results: Accounting information was written to the local log file. Reason Code: 48 Reason: The connection request did not match any configured network policy.
I'm 100% sure the user referenced in the log is in the correct security group. When I remove the group condition, users still fail to connect, but no error appears in the event viewer. Authentication method is PEAP (EAP-MSCHAP v2).
No changes were made to anything obviously relevant that triggered this behavior. Please help...