Hi,
i have a IAS 2003 he work fine with EAP-TLS and IP Phones from Alcatel and with Certificates from Alcatel.
So i want update from 2003 to 2012 R2. I install a NPS 2012 R2 and export and import the config from the IAS to the NPS 2012 and check all settings. But the IP Phones dont work with EAP-TLS.
The Client PC work.
The only different is that the Client PC work with 802.1x EAP and a internal Domain CA Certificate. And the IP Phones are Alcatel Lucent IP Touch with a Certificate from Alcatel. I import the Root CA from Alcatel and the Intermediate Certfication to the NPS Server (same as by the IAS Server) but it dont work. On the IAS 2003 it work fine with this setup.
Here the error:
Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
But if i disable the username for the IP Phone i get this message:
Reason Code: 34
Reason: The user or computer account that is specified in the RADIUS Access-Request message is disabled.
So i think that the Map to an existing user account work fine.
The Probleme is that i cannot export the Certificate from the Ip Phone. I have only the Root Certificate.
Have someone any idea?