setting up wpa2 enterprise with server 2008 r2

I am trying to set up wpa2 enterprise with server 2008 r2. I followed this tutorial http://www.windowsnetworking.com/articles-tutorials/windows-server-2008/Setting-up-Wi-Fi-Authentication-Windows-Server-2008-Part2.html, did exactly the same configuration. but my client pc not able to connect....

the AP i use here is DD-WRT linksys router. Any suggestion of why it's not working?
okamonAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Joseph OLoughlinIT Support SpecialistCommented:
Any difficulties at the
Configure the wireless controllers and/or APs
step on the DD-WRT?
Are there other restrictions on the DD-WRT, e.g. blocking unknown mac addresses?
Are you getting an error when attempting to connect?  What is the error?  
If using a pcmcia or a usb wifi adapter try using another socket.
0
okamonAuthor Commented:
I reset the dd-wrt router and used it only as AP. So basically, it's all default setting. I only disabled dhcp and setup the wap2 enterprise there. I just got unable to connect message on client pc... I used the built-in adapter, I had no problem connecting to other non-enterprise wap2 AP.
0
Joseph OLoughlinIT Support SpecialistCommented:
You are telling me that the dd-wrt it configured for wap2 enterprise, using the 2008 server as the radius server?
Instructions are here
http://vnetwise.wordpress.com/2012/05/26/creating-a-wpa2-eap-wireless-network-with-nps-ad-cs-and-gpo/
I suspect an earlier error was Certificate is not trusted?
See also Request Certificate at
http://www.fatofthelan.com/technical/using-windows-2008-for-radius-authentication/
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

okamonAuthor Commented:
Thanks! I think it has something to do with my certificate.... I got an error when I clicked EAP edit button...
How do I redo it from scratch?
cert
0
Joseph OLoughlinIT Support SpecialistCommented:
From the second link above:
Under Installing  Network Policy and Access Services
...
Work down to "Specify 802.1X Switches", adding the dd-wrt
...
For the “Configure an Authentication Method” screen select “Microsoft Smart Card or other certificate” for EAP-TLS or “Microsoft Protected EAP (PEAP)” for PEAP.
0
Craig BeckCommented:
You've got a bit to do here.  In a nutshell...

1] Obtain a computer certificate for the NPS server from a CA, or generate a self-signed cert.
2] Configure a Network Access Policy in NPS to use the certificate, as Joseph said.  If you want to use computer authentication you need to use EAP-TLS.  If you want to use AD user/pass you need to use PEAP with MSChapV2.
3] Configure the AP as a RADIUS Client in NPS.
4] Configure the AP to use WPA2-Enterprise (or WPA2 802.1x if it's called that on the AP).
0
okamonAuthor Commented:
craigbeck, this is exactly what I did, but not working. as I haven't run any windows update on my newly built machine (server 2008 r2 and windows 7) ... is there anything to do with that?
0
okamonAuthor Commented:
i also followed exactly the same steps of this video, still no luck!!! https://www.youtube.com/watch?v=g-0MM_tK-Tk
it doesn't looks like difficult at all, but I really have no idea why it's not working for me.
0
Joseph OLoughlinIT Support SpecialistCommented:
Did you have any difficulties on the dd wrt?
Are you using windows or vendor (which one, e.g. intel, hp) utilities to connect to the wireless network?
0
Craig BeckCommented:
In post ID: 40308526 the picture says what the issue (or at least part of it) is.  You don't have a certificate which can be used by the NPS server to process EAP authentication.  Even if you have requested and obtained a certificate from a CA you've not done it correctly.

The easiest way to obtain a certificate is to request a computer certificate from the Certificates MMC snap-in on the NPS server.  This will be saved in the Computer's Personal certificate store and can be used by the NPS policy.
0
okamonAuthor Commented:
Actually I rebuilt the server and I don't see that error anymore. but I think someone also having issue like me with server 2008 R2... I did request the certificate using MMC on the CA....anyway, I found another tutorial and this worked for me https://www.youtube.com/watch?v=PjdFwQc_tCw   the way he setup the certificate it's very different from all other tutorial. can you tell me why this worked but other didn't? I am pretty sure  something to do with the certificate, but I did exactly the same from other tutorial. Unless there is something to do with 2008 R2..
0
Joseph OLoughlinIT Support SpecialistCommented:
Certificates are created for specific uses.  Some are single purpose, e.g. for a particular website or a particular email address, others can serve multiple purposes.  Check the certificate's properties for hints as to the intended roles.
0
Craig BeckCommented:
There is nothing different with 2008R2 with respect to requesting certificates.

Are you able to get clients connected using certificates or PEAP-MSChapV2 now?
0
okamonAuthor Commented:
yes. as I mentioned in my last post. After I followed another tutorial here  https://www.youtube.com/watch?v=PjdFwQc_tCw everything is working now. I just wanted to know why this worked while other tutorial I posted before didn't.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Seth SimmonsSr. Systems AdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Hardware

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.