Secure Wireless Setup using 802.1x

Posted on 2012-08-28
Medium Priority
Last Modified: 2012-09-02
I'm trying to set up a Secure Wireless environment with 802.1x for authentication using NPS on Server 2008 R2.  I've read a ton of articles on the setup but I'm still not clear if I have to set up a PKI infrastructure to make this work.  I thought I could just use a 3rd party certificate in place of the PKI setup but I can't seem to make it work.

My DC is also my NPS server.  It is Server 2008 R2.  I have both XP & Win 7 clients.  I have a 3rd Party certificate from Network Solutions for my Server.  Any assistance would be greatly appreciated.
Question by:XMen41

Accepted Solution

Jakob Digranes earned 2000 total points
ID: 38342619
Guessing you want to use your 3rd party certificate for your NPS server, you need to use PEAP-MS-CHAP v2 for client authentication.

Do the following on NPS: create a remote policy, using a computer or user group, or both. When it comes to authentication, use PEAP as the outer method and remove the checkmarks for all less secure authentication methods. Choose PEAP, choose Edit, and use MS-CHAP v2 as the inner method.

Then configure the clients to use the same settings: PEAP, with MS-CHAP v2 as the inner method.

Let me know if you need further and more detailed instructions.

Author Comment

ID: 38343198
I think I already have it set up like you have suggested.  I'm including a screenshot of my NPS Policy and GPO for the workstation.

I have also included the error message from the Security Event Logs on the DC/NPS server.

Assisted Solution

XMen41 earned 0 total points
ID: 38343368
I resolved the problem and it was something simple.  I did not realize the 3rd Party certificate that I had needed to be loaded in IIS.  I don't think I ever saw that reference anywhere but I installed it there and everything started working.

Author Closing Comment

ID: 38358491
jakob_di was correct in the instructions he provided.  I also needed to install my certificate correctly to make it all work.
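
The thread's fix came down to the server certificate being installed correctly, so the following added example (not code from any poster in this thread) lists the certificates in the NPS server's Local Computer Personal store and reports whether each meets the basic requirements for a PEAP server certificate. It assumes an elevated PowerShell session on the NPS server and that the certificate belongs in `Cert:\LocalMachine\My`; the `UsableForPeap` column and the set of checks behind it (private key, Server Authentication EKU, validity period, non-empty subject, chain that builds on the server) are this example's own.

```powershell
# Added example: check which certificates in the Local Computer Personal store
# meet the basic requirements for use as the NPS server certificate in PEAP.
# Run in an elevated PowerShell session on the NPS server.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$now = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect the EKU OIDs from the Enhanced Key Usage extension, if present.
    $ekuOids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }

    # Build the chain against the machine trust stores. Revocation checking is
    # switched off so the check also runs without network access.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($cert)

    $hasEku  = $ekuOids -contains $serverAuthOid
    $inDate  = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
    $hasSubj = -not [string]::IsNullOrEmpty($cert.Subject)

    # One result object per certificate (New-Object PSObject also works on
    # the PowerShell 2.0 that ships with Server 2008 R2).
    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuthEku = $hasEku
        InValidity    = $inDate
        ChainTrusted  = $chainOk
        UsableForPeap = ($cert.HasPrivateKey -and $hasEku -and $inDate -and $hasSubj -and $chainOk)
    }
} | Select-Object Subject, Thumbprint, HasPrivateKey, ServerAuthEku, InValidity, ChainTrusted, UsableForPeap |
    Format-List
```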

Question has a verified solution.