Requested EAP methods not available

I am having trouble getting a wireless Access point (Cisco AIR-AP1242AG-N-K9) to authenticate our users through Active Directory when they log in. This started happening about a month ago and I am unsure of why.

I have a Domain controller running Windows Server 2008 R2, NPS, Active Directory Certificate Services, DNS Server, AD Domain Services that the Access point is supposed to authenticate through.

The error I am receiving from Event Viewer is:
Negotiation failed. Requested EAP methods not available

The NPS Log shows:
<Event><Timestamp data_type="4">10/03/2014 09:08:06.888</Timestamp><Computer-Name data_type="1">AD2008</Computer-Name><Event-Source data_type="1">IAS</Event-Source><User-Name data_type="1">jdykstra</User-Name><Framed-MTU data_type="0">1400</Framed-MTU><Called-Station-Id data_type="1">003a.99c4.ae80</Called-Station-Id><Calling-Station-Id data_type="1">5894.6b43.e9d0</Calling-Station-Id><Service-Type data_type="0">1</Service-Type><NAS-Port-Type data_type="0">19</NAS-Port-Type><NAS-Port data_type="0">363</NAS-Port><NAS-IP-Address data_type="3"></NAS-IP-Address><NAS-Identifier data_type="1">annex-wifi</NAS-Identifier><Client-IP-Address data_type="3"></Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">WirelessAnnex</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Use Windows authentication for all users</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">CO\jdykstra</SAM-Account-Name><Class data_type="1">311 1 10/03/2014 14:00:45 35</Class><Authentication-Type data_type="0">5</Authentication-Type><NP-Policy-Name data_type="1">NetMotion</NP-Policy-Name><Fully-Qualifed-User-Name data_type="1"> Technology/Jason Dykstra</Fully-Qualifed-User-Name><Quarantine-Update-Non-Compliant data_type="0">1</Quarantine-Update-Non-Compliant><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>

I believe the AP is reaching the Radius server, but something is wrong with EAP or Certificates. I am not versed in Certificates enough to do anything but cause problems. This may be why we are having the issue. I tried to create a certificate for a Cisco Unity and Callmanager LDAP integration for SSL and was not able to get it to work. I am not sure this is what broke it, but I have spent 2 days searching for answers and would like some help if possible.

I did not setup the AP from the start, I am coming into this already setup. I have not had a chance to really get my head around the setup and how they all talk to each other. So please bear with me if I have questions on how to do something.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Craig BeckCommented:
Can you post a screenshot of the different tabs in your network access policy?
WalkerCountyTXAuthor Commented:
By this, do you mean the tabs on my Wireless AP....or the NPS information?

I have attached a screen of the Network policies in my NPS if that is what you mean.
Craig BeckCommented:
That's a start.

Can you open that policy and go to the Constraints tab, then screenshot the Authentication Methods?  Also, click 'Edit' on the method(s) you have there and screenshot those please.
SolarWinds® VoIP and Network Quality Manager(VNQM)

WAN and VoIP monitoring tools that can help with troubleshooting via an intuitive web interface. Review quality of service data, including jitter, latency, packet loss, and MOS. Troubleshoot call performance and correlate call issues with WAN performance for Cisco and Avaya calls

WalkerCountyTXAuthor Commented:
As requested
The Picture that shows the method information has the domain edited to show Domain Server.Domain
Craig BeckCommented:
In the first image - you don't want any boxes ticked.

Can you change that, then try to reconnect?

Can you go to the Custom logs on the NPS server and pull a record from there, instead of the standard NPS entries in the system or security logs please?  Just copy/paste without the XML stuff.
WalkerCountyTXAuthor Commented:
I unchecked the box as you requested and still could not connect. Here is the log for the failed attempt from the custom logs on the server (Minus the XML stuff :)  )

I notice that it gives me the Client Friendly Name:            WirelessAnnex
Then it shows the Network Policy Name:            NetMotion

The network policy should be Wireless Users I think.

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          10/6/2014 4:00:14 PM
Event ID:      6273
Task Category: Network Policy Server
Level:         Information
Keywords:      Audit Failure
User:          N/A
Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

      Security ID:                  CO\jdykstra
      Account Name:                  jdykstra
      Account Domain:                  CO
      Fully Qualified Account Name: Technology/Jason Dykstra

Client Machine:
      Security ID:                  NULL SID
      Account Name:                  -
      Fully Qualified Account Name:      -
      OS-Version:                  -
      Called Station Identifier:            003a.99c4.ae80
      Calling Station Identifier:            5894.6b43.e9d0

      NAS IPv4 Address:  
      NAS IPv6 Address:            -
      NAS Identifier:                  annex-wifi
      NAS Port-Type:                  Wireless - IEEE 802.11
      NAS Port:                  480

RADIUS Client:
      Client Friendly Name:            WirelessAnnex
      Client IP Address:        

Authentication Details:
      Connection Request Policy Name:      Use Windows authentication for all users
      Network Policy Name:            NetMotion
      Authentication Provider:            Windows
      Authentication Server:  
      Authentication Type:            EAP
      EAP Type:                  -
      Account Session Identifier:            -
      Logging Results:                  Accounting information was written to the local log file.
      Reason Code:                  22
      Reason:                        The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.
Craig BeckCommented:
The authentication request is falling into the NetMotion policy.

Can you move the "Wireless Users" rule above the "NetMotion" rule and try again, but also test whatever uses the "NetMotion" authentication rule too?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
WalkerCountyTXAuthor Commented:
Instead of moving Wireless Users policy above the NetMotion Policy I removed myself from the NetMotion Users group. I was then able to authenticate with the Wireless AP. I did it this was because the NetMotion Policy is important and I do nto want to disrupt service. I will have to get with the office that uses it to schedule a time for testing.
Craig BeckCommented:
Ok that's fair enough.  You may need to add extra conditions to more specifically match users to each policy.
WalkerCountyTXAuthor Commented:
My counterparts and myself decided to go ahead and move the wireless above the NetMotion and we are testing, so far today we have not seen any issues. I want to thank you for helping me step through this issue  :)

It has been a learning experience for us.
Craig BeckCommented:
My pleasure 😊
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.