
Wireless Certificated RADIUS authentication problems

stevepickard asked on
Wireless Networking, Wireless Hardware, Windows Server 2008
Hi all,

I'm having a problem getting our new wifi set up and running as desired, so hope someone has come across this before and can point out where I'm going wrong. I'm fairly new to RADIUS but am pretty sure it's installed and set up correctly.

The end result should be that Domain configured computers (with certificate from our CA) will be able to log onto the WIFI if logged into by a domain user.  Everything else trying to connect will be blocked.

Our setup is as follows:
Windows Vista/XP clients (using Vista as my test machine)
Netgear WFS709TP wireless management switch.
Windows Server 2008 Std with NPS installed.
Client/Server cert installed on both the Vista and the 2008 boxes

NPS is configured to talk to the Netgear as a valid Authenticator/Client, and is registered in AD.
It currently has 1 connection request policy of
NAS Port Type: Wireless - Other OR Wireless IEEE 802.11
and a single Network Policy of
NAS Port Type: Wireless - Other OR Wireless IEEE 802.11
Machine Groups: <domain>\Domain Computers
User Groups: <domain>\Domain Users OR <domain>\Domain Admins

Authentication method is PEAP with the server's certificate issued from the CA selected, and EAP-CHAPv2
Fast Reconnect is currently disabled for testing purposes.

The Netgear is configured with a visible SSID, WPA2-AES to authenticate against the RADIUS server, which is configured for the NPS box.

The clients have matching wireless settings, with Validate Server Certificate selected in the PEAP properties, and our root CA selected in the list. Again fast reconnect, and also cache settings are disabled for testing purposes.

When trying to connect to the wireless it fails.
On the Network Policy and Access Services event log nothing is displayed
On the client's security log it shows:

A request was made to authenticate to a wireless network.

      Security ID:            <domain>\jjennings
      Account Name:            jjennings
      Account Domain:            <domain>
      Logon ID:            0x78782

Network Information:
      Name (SSID):            WirelessTest
      Interface GUID:            {4bb28eb9-c2dd-42b0-8dab-f1fd995997cb}
      Local MAC Address:      00:22:FA:3F:25:F2
      Peer MAC Address:      00:24:B2:46:FA:C0

Additional Information:
      Reason Code:            Explicit Eap failure received (0x50005)
      Error Code:            0x40420110

Which has been quite hard to try and track down what that error means in relation to my setup.

Another thought to mention is that the machine certificates are already being used for VPN access (but not against a RADIUS server) so look to be working and recognised OK on the network.

Any thoughts or suggestions on what I may be doing wrong would be great, and if you need any more info then let me know too.

Thanks in advance!
