Hi,
I'm dealing with a very odd situation regarding our wireless access and was hoping someone might have some insight.
The infrastructure:
Ruckus APs with virtual smart zone controller
WLAN with 802.1x authentication, NPS as proxy using RADIUS
Two NPS servers in the domain, one on site, and the other sitting in Azure
The two NPS servers are also configured with ADFS
Virtual endpoint / ADFS Farm is named access.our-public-domain.com for which we have a certificate that is loaded in the NPS as the PEAP certificate and its root CA cert is installed on all clients
System was working just fine until the other day when the certificate expired. For whatever reason the notification of expiration wasn't getting to us (story for another day)
The expired certificate is with a company we no longer use for certs. I went through the correct procedure to CSR a new certificate compatible with NPS through our current certificate provider, and installed onto the NPS. The root for the new provider is also already on all clients
Most everything immediately came back online, and here lies the problem - MOST EVERYTHING
We have a mixed infrastructure of 7, 8, and 10 clients, and there doesn't seem to be any rhyme or reason as to which ones are now unable to connect
We also have an internal PKI, so I spun up a sandbox NPS using the internal CA, no extras like ADFS or anything, set up a test 802.1X SSID pointing to the sandbox as proxy.
Using both the access certificate and the CA issued certificate, the NPS doesn't log any audits trying to sign on from an affected machine/user. If I use our public wildcard, it logs a reason 22 - EAP type server unable to process, which I suppose is understandable for the wildcard as it was never set up for RAS/IAS
I'm just at a loss as to why a simple certificate change would alter our wireless infrastructure from completely working 100% to mostly working 70%
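A diagnostic that fits the symptom described above (clients failing with nothing logged on NPS), added here as an example and not part of the original post: a PEAP Wi-Fi profile can pin trusted root CA thumbprints and server names, and a client whose profile pins a root other than the one the new NPS certificate chains to will reject the server before sending credentials, so NPS sees no attempt. The script exports the profile on an affected client and compares it with the NPS certificate's root and EKU; the SSID name and the path of the exported NPS .cer file are assumptions.

```powershell
# Added diagnostic, not from the post. Run on an affected client after copying the NPS
# server certificate (public part only, .cer) to it.
param(
    [string]$ProfileName = 'CorpWiFi',                 # assumption: the 802.1X SSID name
    [string]$NpsCerPath  = 'C:\temp\nps-server.cer'    # assumption: exported NPS cert
)

# 1. Export the wireless profile and read the PEAP server-validation settings.
$tmp = Join-Path $env:TEMP ("wlan-" + [guid]::NewGuid())
New-Item -ItemType Directory -Force -Path $tmp | Out-Null
netsh wlan export profile name="$ProfileName" folder="$tmp" | Out-Null
$xmlFile = Get-ChildItem $tmp -Filter '*.xml' | Select-Object -First 1
[xml]$wlanXml = Get-Content $xmlFile.FullName

# local-name() sidesteps the several XML namespaces used inside <EAPConfig>.
$pinnedRoots = @($wlanXml.SelectNodes("//*[local-name()='TrustedRootCA']") |
    ForEach-Object { ($_.InnerText -replace '\s', '').ToUpper() })
$serverNames = @($wlanXml.SelectNodes("//*[local-name()='ServerNames']") |
    ForEach-Object { $_.InnerText })
"Profile '$ProfileName' pins root CA thumbprints: $($pinnedRoots -join ', ')"
"Profile '$ProfileName' accepts server names:     $($serverNames -join ', ')"

# 2. Check the NPS certificate: Server Authentication EKU and the root it chains to.
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($NpsCerPath)
$ekuExt = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$hasServerAuth = $ekuExt -and ($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })
"NPS cert subject: $($cert.Subject)"
"NPS cert has Server Authentication EKU: $([bool]$hasServerAuth)"

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk = $chain.Build($cert)
# Last element is the root when the chain built to a trusted root on this client.
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
"Chain builds to a trusted root on this client: $chainOk"
"NPS cert chains to root: $($root.Subject) [$($root.Thumbprint)]"

# 3. Mismatches here explain a client that never reaches NPS: it drops the TLS handshake
#    during PEAP, so no Event 6273/6272 audit is ever written on the server.
if (-not $hasServerAuth) {
    Write-Warning "NPS certificate lacks the Server Authentication EKU required for PEAP."
}
if (-not $chainOk) {
    Write-Warning "This client does not trust the chain of the new NPS certificate."
}
if ($pinnedRoots.Count -gt 0 -and $pinnedRoots -notcontains $root.Thumbprint) {
    Write-Warning "Profile pins root(s) that do not include the new NPS certificate's root CA."
}
```

Run it on one client that still connects and one that does not; the difference in the pinned thumbprints or the chain result is usually what separates the two groups.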