RADIUS Authentication Problem in Windows Server 2016

I have configured AD and NPAS in the same server , added couple of RADIUS clients and created few Domain Users, added those user as a member of RAS and IAS Groups. Even though i have registered NPAS in AD for some reason it is failing to authenticate with NPAS.
Kinldy suggest.
MIcheal SAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
Check those event logs. Windows' RADIUS implementation is *very* good at logging issues and will tell you of any errors.  For example, if you didn't get the key matched between the RADIUS server and client (such as a WAP or VPN appliance) then it'll log that. If the keys match but authentication is failing because of group membership, it'll log that.  The codes and descriptions are descriptive enough for you to easily pinpoint the issue.
MIcheal SAuthor Commented:
In Logs , I am able to see the connection between the NPAS and the RADIUS Clients (WAP) are fine. but still authentication is not successfull. Where do we see the respective logs.
Cliff GaliherCommented:
In event viewer, client and server.
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

MIcheal SAuthor Commented:
Thank you Cliff Galiher, Found some Event ID's in NPS , i will try to figure it out.
MIcheal SAuthor Commented:
Hi Cliff , I think to enable EAP-PEAP authentication I must have to use SSL Certificates. I have not configured my server as a ADCS role. Instead i have third party SSL certificates. Kindly suggest , how to import the third party SSL certificates to be used for EAP-PEAP?

Thanks in advance.
Cliff GaliherCommented:
All EAP authentication methods require some PKI certificates. PEAP only requires one on the server that the client trusts.

If you have a 3rd party certificate with the machine name and supports the server authentication role, that'll be ins. Add it to the machine personal store using the certificates MMC. Then in the NPS console when configuring the policy, where you set the authentication type, you select the server certificate used. All suitable certificates in the store will be available. Note that the private key must be in the store as well. That means either generating the signing request on that machine, which generates a private key, or exporting the certificate WITH the private key from another machine... which can put the private key at risk of disclosure if not moved properly.

Note that this isn't unique to NPS. Most of this is basic PKI management.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MIcheal SAuthor Commented:
Hi Cliff,  As per you suggestion  i have added the third party certificate to the machine personal store using the certificates MMC. Then in the NPS console when configuring the policy authentication type EAP-PEAP also the certificate appears. But i do not know how to import the Private Key file.
MIcheal SAuthor Commented:
Hi Cliff, Configured ADCS , Created a certificate , it worked. Thanks Cliff
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2016

From novice to tech pro — start learning today.