Secure Wireless Setup using 802.1x

Posted on 2012-08-28
Last Modified: 2012-09-02
I'm trying to set up a Secure Wireless environment with 802.1x for authentication using NPS on Server 2008 R2. I've read a ton of articles on the setup but I'm still not clear if I have to set up a PKI infrastructure to make this work. I thought I could just use a 3rd party certificate in place of the PKI setup but I can't seem to make it work.

My DC is also my NPS server.  It is Server 2008 R2.  I have both XP & Win 7 clients.  I have a 3rd Party certificate from Network Solutions for my Server.  Any assistance would be greatly appreciated.
Question by: XMen41
    LVL 20

    Accepted Solution

    Guessing you want to use your 3rd party certificate for your NPS server - you need to use PEAP-MS-CHAP v2 for client authentication.

    Do the following on NPS - create a remote policy, use a computer or user group, or both.
    When it comes to authentication - use PEAP as outer method - remove checkmarks for all less secure authentication methods - choose PEAP and choose edit - use MS-CHAP v2 as inner method.

    Then configure clients to use the same settings - PEAP and MS-CHAP v2 as inner method.

    Let me know if you need further and more detailed instructions.
    LVL 1

    Author Comment

    I think I already have it set up like you have suggested.  I'm including a screenshot of my NPS Policy and GPO for the workstation.

    I have also included the error message from the Security Event Logs on the DC/NPS server.
    LVL 1

    Assisted Solution

    I resolved the problem and it was something simple.  I did not realize the 3rd Party certificate that I had needed to be loaded in IIS.  I don't think I ever saw that reference anywhere but I installed it there and everything started working.
    LVL 1

    Author Closing Comment

    jakob_di was correct in the instructions he provided.  I also needed to install my certificate correctly to make it all work.
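
The thread resolves on where the server certificate was installed. NPS takes its PEAP server certificate from the Local Computer Personal store, and that certificate needs a private key and the Server Authentication EKU. The script below is an added example, not part of the original thread; the function name `Test-PeapServerCert` is hypothetical, and it uses only .NET certificate classes so it also runs on the PowerShell 2.0 that ships with Server 2008 R2.

```powershell
# Added example: report which certificates in LocalMachine\My are usable
# as a PEAP server certificate for NPS. Run in an elevated prompt on the NPS server.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function Test-PeapServerCert {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Look for the Enhanced Key Usage extension and the Server Authentication OID in it.
    $ekuExt = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $hasServerAuth = $false
    if ($ekuExt) {
        $hasServerAuth = @($ekuExt.EnhancedKeyUsages |
            Where-Object { $_.Value -eq $serverAuthOid }).Count -gt 0
    }

    # Build the chain against this machine's trust store. Revocation is skipped
    # so the check works offline; clients validate against their own root store.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($Cert)

    $now = Get-Date
    $inDate = ($Cert.NotBefore -le $now) -and ($Cert.NotAfter -ge $now)

    New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        HasPrivateKey = $Cert.HasPrivateKey
        ServerAuthEKU = $hasServerAuth
        InValidity    = $inDate
        ChainBuilds   = $chainOk
        Usable        = $Cert.HasPrivateKey -and $hasServerAuth -and $inDate -and $chainOk
    }
}

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-PeapServerCert $_ } |
    Select-Object Subject, HasPrivateKey, ServerAuthEKU, InValidity, ChainBuilds, Usable |
    Format-Table -AutoSize
```

A certificate that shows `HasPrivateKey` as False was imported without its key and will not appear as a choice in the PEAP properties of the NPS network policy.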
