MS NPS denying access, can’t validate server certificate

nps

At my office we use a Cisco WLC2504 wireless controller and starting about a week ago we started having problems with users connecting to one of our secure wireless networks. We are running AD on Windows Server 2008 R2 and use Network Policy Server to control access to our wireless network.

When I look at the logs in event viewer after a failed connection attempt I see an access reject message:

Reason Code: 262
Reason: The supplied message is incomplete. The signature was not verified.

Looking this up on Google I found this article:
http://support.microsoft.com/kb/838502

I tried disabling server certificate validation on my computer and as soon as I did that I was able to connect to the network, so it seems that there is some sort of certificate validation issue.

I'm not sure which certificate is unable to be validated or how to fix it. This used to work and stopped suddenly by itself so I am thinking a certificate may have expired.

When I go to NPS > Policies > Network Policies > My policy > Constraints > Auth methods > Microsoft PEAP and view the properties, the certificate specified here expires in 2016, so it doesn't seem as though this could be the problem.

Any suggestions on how to troubleshoot this issue?
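One way to find out which certificate in the chain is failing, as an added example that is not part of the original question: the leaf certificate shown in the PEAP properties may still be valid while the issuing CA above it has expired or is no longer trusted. The script below runs on the NPS server, picks every certificate in the machine's personal store that carries the Server Authentication EKU (the one PEAP uses), builds its chain with .NET's X509Chain, and prints the status of each link. The OID, store path and output layout are the only assumptions; everything else is standard PowerShell 2.0 / .NET.

```powershell
# Added diagnostic script (not from the original post): report why the
# PEAP server certificate's chain fails to build on the NPS server.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth (assumed: PEAP server cert EKU)

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Keep only certificates usable for server authentication.
    $eku = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if (-not $eku) { return }
    $hasServerAuth = $false
    foreach ($oid in $eku.EnhancedKeyUsages) {
        if ($oid.Value -eq $serverAuthOid) { $hasServerAuth = $true }
    }
    if (-not $hasServerAuth) { return }

    # Build the chain exactly as Windows would validate it, including revocation.
    # Switch to NoCheck if the server cannot reach the CRL/OCSP endpoints and you
    # only want to see trust and expiry problems.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $ok = $chain.Build($cert)

    Write-Host ("`n{0}  (thumbprint {1}, expires {2:yyyy-MM-dd})" -f $cert.Subject, $cert.Thumbprint, $cert.NotAfter)
    Write-Host ("  chain builds: {0}" -f $ok)

    # Print every link so an expired or untrusted intermediate or root stands out;
    # a leaf that expires in 2016 says nothing about the CA certificates above it.
    foreach ($el in $chain.ChainElements) {
        $c = $el.Certificate
        Write-Host ("  -> {0}  valid until {1:yyyy-MM-dd}" -f $c.Subject, $c.NotAfter)
        foreach ($st in $el.ChainElementStatus) {
            Write-Host ("       {0}: {1}" -f $st.Status, $st.StatusInformation.Trim())
        }
    }

    # Whole-chain summary, e.g. NotTimeValid, UntrustedRoot, RevocationStatusUnknown.
    foreach ($st in $chain.ChainStatus) {
        Write-Host ("  STATUS {0}: {1}" -f $st.Status, $st.StatusInformation.Trim())
    }
}
```

Run it in an elevated PowerShell on the NPS server. A clean chain there but rejections on clients points at the other half of the problem: the client must hold the issuing root CA in its own Trusted Root store, which is what disabling server certificate validation on the client was masking.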

Best Answer

I too had this problem and there doesn't seem to be a way to do this because Microsoft's implementation of the wireless management client doesn't trust any Root CA by default. So you have to push the certificate to the client before they connect.

In some cases this might not be a valid option because people bring their own devices and try to connect to your NPS. There is no way around pushing certs on the users devices unless you tell them to disable validation warnings which I would not recommend.