RODC with EAP and Radius

I have a domain, let’s call it Domain.local.  On this domain I have a domain controller called DC-Prime, and a read-only domain controller called RODC-Zeta.

I have 2 Cisco wireless APs, using RADIUS to authenticate users to the domain. When they are pointed to Prime, they authenticate, and everything is sunshine and unicorns. When I point them to Zeta, the server reports the following from Event Viewer:

Negotiation failed. Requested EAP methods not available

I have exported the EAP settings from Prime and imported them to Zeta, but I still get the same results. I think it has to do with Zeta being a Read Only DC, but Google and various searches have come up empty.

UnityPG Author Commented:
The issue was that the RODC server had no certificate for authentication.   Installing a CA on Prime and exporting the cert to Zeta fixed it.


RODCs have special handling for user accounts and passwords; you can get more of an idea here,

You might want to change the Password Replication Policy of the RODC and try authenticating the user again. More on password replication policy,

BTW, what RADIUS are you using? If you are using NPS for RADIUS authentication then it will be no problem.

UnityPG Author Commented:
Fixed it, sorry guys.
Question has a verified solution.
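
A way to check for the condition behind the accepted fix (no usable server certificate on the RADIUS host), as an added example that is not part of the original thread. It assumes the RADIUS server is NPS using PEAP or EAP-TLS with its server certificate in the computer's Personal store; the function name `Test-EapServerCertificate` is hypothetical.

```powershell
# Added example (not from the thread). Run elevated on the NPS host, e.g. the RODC.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function Test-EapServerCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Collect EKU OIDs; a certificate without the extension yields an empty list
        # and is treated here as not suitable (assumption: NPS wants an explicit EKU).
        $ekuOids = @()
        foreach ($ext in $Certificate.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
            }
        }

        # Build the chain against the local trust stores, skipping revocation
        # lookups so the check also works on an isolated branch-office server.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk = $chain.Build($Certificate)

        $now = Get-Date
        $result = [pscustomobject]@{
            Subject       = $Certificate.Subject
            NotAfter      = $Certificate.NotAfter
            HasPrivateKey = $Certificate.HasPrivateKey
            ServerAuthEku = $ekuOids -contains $ServerAuthOid
            InValidity    = ($now -ge $Certificate.NotBefore) -and ($now -le $Certificate.NotAfter)
            ChainTrusted  = $chainOk
        }
        $usable = $result.HasPrivateKey -and $result.ServerAuthEku -and
                  $result.InValidity -and $result.ChainTrusted
        $result | Add-Member -NotePropertyName UsableForEap -NotePropertyValue $usable -PassThru
    }
}

$report = @(Get-ChildItem -Path Cert:\LocalMachine\My | Test-EapServerCertificate)
$report | Format-Table -AutoSize

if (-not ($report | Where-Object UsableForEap)) {
    Write-Warning 'No certificate in LocalMachine\My passes these checks as an EAP server certificate.'
}
```

Running the same script on the working DC and on the RODC and comparing the two tables shows whether the certificate is what differs between them.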
