Wifi – Network Policy Server error message ‘Negotiation failed. No available EAP methods’

radius wifi windows-server-2012

I am trying to change our wireless access points to use RADIUS. I have installed Network Policy Server on a server and pointed our wireless access points RADIUS settings to it.

I have allowed all Domain Users in the policy.

However, when a client attempts to connect to the wireless network using the 'Use my Windows account' option (I have also tested manually entering DOMAIN\user etc. with the same results), the client shows the error message:

Unable to connect to this network

I have checked the Event Viewer on the server where Network Policy Server is installed, and this error message is generated each time a client tries to connect:

Negotiation failed. No available EAP methods

Here is a screenshot of the properties of the policy.


Best Answer

Putting this out there in case it helps anyone else who is struggling with this same error message as I was. In my case the underlying issue was that my Windows server had been configured so that TLS versions 1.0 and 1.1 were disabled and only TLS 1.2 is allowed. However, NPS was still defaulting to TLS version 1.0.

In my case this had been configured via GPO by our server admins.

I was able to manually set NPS to use TLS 1.2 in the registry, following these instructions:

https://support.microsoft.com/en-us/help/2977292/microsoft-security-advisory-update-for-microsoft-eap-implementation-th

https://community.spiceworks.com/topic/2195158-enable-tls1-2-in-windows-server-nps

You'll be able to see whether or not this is the problem you're having in a packet capture--look at the Client Hello and Server Hello packets and compare the TLS versions each one is trying to use.
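The version comparison suggested in the answer above, as an added example that is not part of the original answer: it strips the EAP-TLS framing (RFC 5216) from an EAP packet and reads the version field of the Client Hello or Server Hello inside. The `_sample` packets are constructed for illustration, not captured traffic, and the function names are hypothetical.

```python
import struct

VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
HELLOS = {1: "ClientHello", 2: "ServerHello"}
TLS_EAP_TYPES = {13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

def tls_from_eap(eap: bytes) -> bytes:
    """Strip the EAP header and the EAP-TLS flags byte to reach the TLS record."""
    _code, _ident, length, eap_type, flags = struct.unpack("!BBHBB", eap[:6])
    if eap_type not in TLS_EAP_TYPES:
        raise ValueError(f"EAP type {eap_type} does not carry TLS")
    # L flag (0x80): a 4-byte TLS message length precedes the TLS data.
    offset = 10 if flags & 0x80 else 6
    return eap[offset:length]

def hello_version(record: bytes):
    """Return (hello name, version name) for the first handshake message.

    Reads the hello's own version field, which is how TLS 1.0 to 1.2 are
    negotiated. TLS 1.3 uses the supported_versions extension instead and
    is not handled here.
    """
    ctype, _record_version, _record_len = struct.unpack("!BHH", record[:5])
    if ctype != 22:
        raise ValueError("not a TLS handshake record")
    hs_type = record[5]
    if hs_type not in HELLOS:
        raise ValueError("handshake message is not a hello")
    (ver,) = struct.unpack("!H", record[9:11])  # after type(1) + length(3)
    return HELLOS[hs_type], VERSIONS.get(ver, hex(ver))

def compare(client_eap: bytes, server_eap: bytes):
    """Return (version the client offers, version the server answers with)."""
    return (hello_version(tls_from_eap(client_eap))[1],
            hello_version(tls_from_eap(server_eap))[1])

def _sample(eap_code: int, hs_type: int, ver: int) -> bytes:
    """Constructed EAP-TLS packet carrying a minimal hello message."""
    hello = struct.pack("!H", ver) + bytes(32) + b"\x00"  # version, random, no session id
    hello += b"\x00\x02\x00\x2f\x01\x00" if hs_type == 1 else b"\x00\x2f\x00"
    hs = bytes([hs_type]) + len(hello).to_bytes(3, "big") + hello
    rec = struct.pack("!BHH", 22, 0x0301, len(hs)) + hs
    tls = struct.pack("!BI", 0x80, len(rec)) + rec  # flags with L set, then length
    return struct.pack("!BBHB", eap_code, 1, 5 + len(tls), 13) + tls

CLIENT = _sample(2, 1, 0x0303)  # EAP-Response: client offers up to TLS 1.2
SERVER = _sample(1, 2, 0x0301)  # EAP-Request: server answers with TLS 1.0

if __name__ == "__main__":
    print("client offers %s, server answers %s" % compare(CLIENT, SERVER))
```

Only the first EAP fragment is needed, because the hello message sits at the start of the TLS data even when the rest of the flight is fragmented.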