I'm using NPS for wired dot1x authentication and I just migrated my NPS server from 2008 R2 to 2012 R2. When I point the network switch to start using the new 2012 R2 NPS as the RADIUS server, I get authentication failures - event 6273, reason code 16. When I switch it back to the 2008 R2 server, it works fine. The two servers are configured EXACTLY the same as far as I can tell - same RADIUS client config, same connection request policies, same network policies - and it should be since I used the MS prescribed migration process. The only thing that differs is the server's certificate name used in the PEAP setup screen.
I'm using computer authentication only, so everything is based on computer accounts and I've selected to NOT validate server credentials on the group policy.
I've verified the shared secrets multiple times. Both servers are domain controllers.
Here is an example of the errors logged on the 2012 R2 server.
========================================
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: FAITHCHURCH\youthroom$
Account Name: host/YOUTHROOM.faithchurch.net
Account Domain: FAITHCHURCH
Fully Qualified Account Name: FAITHCHURCH\youthroom$
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: -
Calling Station Identifier: 44-37-E6-C0-32-CA
NAS:
NAS IPv4 Address: 192.168.1.1
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Ethernet
NAS Port: 1010
RADIUS Client:
Client Friendly Name: Extreme X440
Client IP Address: 192.168.1.1
Authentication Details:
Connection Request Policy Name: Secure Wired (Ethernet) Connections 2
Network Policy Name: Secure Wired (Ethernet) Connections 2
Authentication Provider: Windows
Authentication Server: Sigma.faithchurch.net
Authentication Type: PEAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
========================================