I am pretty new to this and am trying to set up WPA2 enterprise where users can connect to the Wifi using their AD credentials (PEAP-MSCHAPv2).
The Cisco WLC has been configured to relay requests to the NPS, which is also the DC. The NPS can be pinged from the WLC and vice versa. Passwords have been checked and double-checked and are correctly entered in the WLC and in the NPS for the RADIUS client.
When trying to connect to the WiFi, the test user is prompted for their credentials, which is what we want. Creds are entered and we get the message that it was not able to connect.
Checking event viewer of the NPS (also the DC), I see the following errors:
- Under Network Policy and Access Services:
- Under Windows Logs -> Application:
- Under Windows Logs -> System:
From what I have found online, reason 22 comes up when there is an issue with the cert. On the client side, I have disabled the need to validate certs (for testing purposes). I have added a cert from our CA (on a different DC) to the NPS as shown below:
Not sure why users are not able to connect or how to fix the error. Any suggestions or ideas are appreciated!
Edit – adding client config:
Not validating certs:
Also, the client side shows that EAP type 25 is being sent from the client:
Best Answer
PEAP-MSCHAPv2 does need to validate the server-side certificate. I see you have disabled the need to validate certs (for testing purposes). It won't work without validating the server-side cert.
This looks like a misconfiguration issue. You need to make sure the same authentication type is used at both ends (client and server). Wireless profiles at the client must be configured to use/support PEAP-MSCHAPv2. If you see your first screenshot, I don't see any value in front of the 'EAP Type:' field. And in your last screenshot, select the checkbox against MS-CHAPv2.
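The two checks the answer points at (does the NPS hold a usable server-authentication certificate, and what EAP type and reason code is the NPS actually logging on the rejections) can be run from the NPS host itself. The following PowerShell is an added example, not code from the original post or its answer; it assumes it is run in an elevated session on the NPS/DC and relies on the standard NPS audit event ID 6273 ("Network Policy Server denied access to a user") in the Security log, whose message carries the "Reason Code" and "EAP Type" fields seen in the screenshots.

```powershell
# Added example (not from the original thread): checks to run on the NPS/DC when
# PEAP-MSCHAPv2 clients are rejected with reason code 22.
# Assumes an elevated PowerShell session on the NPS host.

# 1. Does the NPS have a certificate it can present for the PEAP TLS tunnel?
#    PEAP needs a cert in LocalMachine\My with a private key, not expired, and the
#    Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1). A cert in the wrong store or
#    without its private key is a common cause of "cannot process EAP type".
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$candidates = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotAfter -gt (Get-Date) -and
    ($_.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $serverAuthOid })
}
if (-not $candidates) {
    Write-Warning 'No valid Server Authentication certificate with a private key in LocalMachine\My; PEAP cannot build its TLS tunnel.'
} else {
    Write-Host 'Certificates the NPS could present for PEAP:'
    $candidates | Select-Object Subject, Issuer, NotAfter, Thumbprint | Format-Table -AutoSize
}

# 2. Pull the last 24 hours of NPS rejections and extract the fields worth comparing
#    with the client side: the logged EAP type (blank/"-" means the server never
#    negotiated one) and the reason code (22 = EAP type cannot be processed).
$filter = @{ LogName = 'Security'; Id = 6273; StartTime = (Get-Date).AddHours(-24) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
foreach ($e in $events) {
    $msg    = $e.Message
    $user   = if ($msg -match 'Account Name:\s+(\S+)')   { $Matches[1] }        else { '?' }
    $reason = if ($msg -match 'Reason Code:\s+(\d+)')    { $Matches[1] }        else { '?' }
    $eap    = if ($msg -match 'EAP Type:\s+([^\r\n]*)')  { $Matches[1].Trim() } else { '(blank)' }
    $policy = if ($msg -match 'Network Policy Name:\s+([^\r\n]*)') { $Matches[1].Trim() } else { '?' }
    [pscustomobject]@{
        Time       = $e.TimeCreated
        User       = $user
        ReasonCode = $reason
        EapType    = $eap
        Policy     = $policy
    }
}
```

Read the two outputs together: if the first part warns that no suitable certificate exists, the NPS network policy's PEAP settings have nothing to bind to and every PEAP attempt will fail regardless of the client profile; if a certificate is present but the second part still shows reason code 22 with a blank EAP type, compare the EAP method selected in the NPS network policy (PEAP with EAP-MSCHAPv2) against the client's wireless profile, which is the mismatch the answer describes.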