Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, January 8, 2018 10:03 PM
We recently deployed a Windows NPS server using PEAP with MS-CHAP v2 and are allowing only 1 specific AD security group to access a SSID based on user membership in said group. We utilize a Cisco 5508 wireless controller to push the SSID out to all AP's. The 802.1x SSID is working - mostly. Intermittently users on Windows 10 machines will have issues connecting to the network.
Looking at Event Viewer on the NPS shows Audit Failure's with machine name being passed over instead of the user name. If you continue to just try to connect repeatedly it will eventually try the username and then let's the user connect.
I'm also having an issue where sometimes trying to connect to the 802.1x network will not prompt for credentials. The user will click on the SSID, click Connect, and then Windows shows "Checking network requirements...". It will show this message for 20-30 seconds and then return "Can't connect to this network". Looking at the NPS server Event Viewer will show no authentication attempts for that machine or that user. If I disable the wireless adapter and then immediately re-enable it - it fixes the issue and the user can connect. However, disconnecting from the wireless network or rebooting the machine sometimes causes the issue to return.
Android phones, iPad's, and our Macbooks are not exhibiting this same issue.
All replies (4)
Tuesday, January 9, 2018 9:13 AM
Hi ,
If other operation system are authenticating and the windows 10 ones aren't then it sounds like you verified the first thing which is to make sure they are using the same policy.
In addition ,Based on the complexity and the specific situation, we need do more researches. If we have any updates or any thoughts about this issue, we will keep you posted as soon as possible. If you have further information during this period, you could post it on the forum, which help us understand and analyze this issue comprehensively.
Best Regards,
Candy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, January 9, 2018 5:27 PM
Waiting on account verification to post pictures but - I did more digging and found a few things. When the machine tries to authenticate Event Viewer on NPS shows it's using authentication type EAP and all of my successful user auths are using PEAP-MSCHAPv2. The machine auths fail with the error that the connection does not match any policy. This is fine because I do not have a policy set to allow EAP-TLS connections.
Knowing this though - why would the machine even try using EAP? Is my NPS server advertising that it accepts EAP connections?
For the second part where clients will occasionally say "Checking network requirements..." and then "Can't connect to this network" - when that happens I am seeing nothing in Event Viewer on either the client itself or the NPS. Is there any type of verbose logging I can use on the client machine? It's like the wireless card just chooses to not send anything to anyone. If I disable the wireless adapter and re-enable it fixes the issue and I can connect immediately.
Wednesday, August 15, 2018 4:49 PM
I think I am seeing this in my environment - did you ever find a cause?
Sunday, September 23, 2018 2:35 PM
I'm also seeing this behaviour...cause or solutions found?