Single AP, no controller, EAP authentication problem

I've set up my Windows 2008R2 domain controller according to this document:
http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/

I have a single AP which I've set up to authenticate with the NPS.

The certificates from the CA are distributed to all of my Windows 7 clients.

When I try to connect I see the attempt AP. On the client I get an EAP-TLS authentication box where I can enter a username/password. Even if I enter the correct one, I can't connect.

On the NPS server I get the following message in the application log:

EventID: 1006
Source: EapHost
Info: Negotiation failed. Requested EAP methods not available

I've tried the following EAP types:
Microsoft: Smart Card or other certificate
Microsoft: Protected EAP
Microsoft Secured password (EAP-MSCHAP v2)

Neither works.

Does anyone know what I'm doing wrong?
computication Asked:
 
computication (Author) Commented:
There is some sort of corruption on the server where I installed NPS. I just finished installing NPS on a new server, put in the basic configuration and it works.

I'll just move the NPS to a different server.

Thank you for all your help.

Kind regards,

Martijn
 
Jakob Digranes (Senior Consultant) Commented:
Looks like your client certificate doesn't have the correct OID;
User certificates must contain the Client Authentication EKU (the 1.3.6.1.5.5.7.3.2 object identifier).

Please post screenshots of NPS policy and client wireless profile.
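One way to check the EKU requirement from the comment above on a client, as an added example that is not part of the original thread: it lists the certificates in the user and computer Personal stores and reports whether each carries the Client Authentication OID, has a private key and is within its validity dates. The two store paths are assumptions about where the client certificates were enrolled.

```powershell
# Added example (not from the thread). Assumed store locations:
#   Cert:\CurrentUser\My   for user authentication
#   Cert:\LocalMachine\My  for computer authentication
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU quoted in the thread
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$now = Get-Date

$report = foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
    # @() keeps the loop from running once on $null when a store is empty.
    foreach ($cert in @(Get-ChildItem -Path $store)) {
        # Gather every OID listed in the Enhanced Key Usage extension, if there is one.
        $ekuOids = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is $ekuType) {
                foreach ($usage in $ext.EnhancedKeyUsages) { $ekuOids += $usage.Value }
            }
        }
        New-Object PSObject -Property @{
            Store         = $store
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            ClientAuthEku = ($ekuOids -contains $clientAuthOid)
            EkuOids       = ($ekuOids -join ', ')
            HasPrivateKey = $cert.HasPrivateKey
            WithinDates   = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        }
    }
}

$report | Format-List Store, Subject, Issuer, ClientAuthEku, EkuOids, HasPrivateKey, WithinDates
```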
 
computication (Author) Commented:
The client certificate contains the identifier you mentioned.

I've attached screenshot of the settings.
Server-WifiSecure.JPG
Client-PEAPsettings.JPG
Client-WifiSettings.JPG
 
Jakob Digranes (Senior Consultant) Commented:
Remove check marks for MsChap and MsChapv2 and highlight PEAP and choose edit. What inner authentication method have you chosen?
 
computication (Author) Commented:
Thank you for the help.

I've disabled them, no result, and I've attached the PEAP properties window.
Server-PEAP-properties.JPG
 
Craig Beck Commented:
In the Client-PEAPsettings.jpg screenshot you have the 'Validate Server Certificate' box checked, but you don't have a CA checked.  Untick the 'Validate Server Certificate' box and try again.
 
computication (Author) Commented:
Tried, same result. I've turned on the NPS tracking. In the IASSAM.log I get the following error:
[5320] 08-20 11:32:16:504: Successfully retrieved session (77) for user DALWEG48\MARTIJNP$.
[5320] 08-20 11:32:16:504: Processing output from EAP: action:2
[5320] 08-20 11:32:16:504: Translating attributes returned by EAPHost.
[5320] 08-20 11:32:16:504: EAP authentication failed.
[5320] 08-20 11:32:16:504: No AUTHENTICATION extensions, continuing
[5320] 08-20 11:32:16:504: No AUTHORIZATION extensions, continuing
[5320] 08-20 11:32:16:504: Inserting outbound EAP-Message of length 4.
 
computication (Author) Commented:
Installed service on other server and that resolved it.
Question has a verified solution.
