<div>
We need to compare the settings for the NPS Network Policy, and for the wireless connection on the client.<br />
It would probably be best if you could provide screenshots of both.
</div>


<div>
the full text fro eventlog deny-message would be usefull.
</div>


<div>
Here is the what I am getting in the event viewer.....<br />
<br />
Network Policy Server denied access to a user.<br />
<br />
Contact the Network Policy Server administrator for more information.<br />
<br />
User:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Security ID: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Domain\LAPTOP-LRUU00C8$<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Account Name: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;host/LAPTOP-LRUU00C8.Domai<wbr />n.com<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Account Domain: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Domain<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Fully Qualified Account Name: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Domain\LAPTOP-LRUU00C8$<br />
<br />
Client Machine:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Security ID: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;NULL SID<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Account Name: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Fully Qualified Account Name: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;OS-Version: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Called Station Identifier: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;14-91-82-62-4A-02:Lamppost<wbr /><br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Calling Station Identifier: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;2C-6E-85-42-4D-25<br />
<br />
NAS:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;NAS IPv4 Address: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;10.1.10.8<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;NAS IPv6 Address: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;NAS Identifier: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;NAS Port-Type: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Wireless - IEEE 802.11<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;NAS Port: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;0<br />
<br />
RADIUS Client:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Client Friendly Name: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;APNAME<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Client IP Address: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;10.1.10.8<br />
<br />
Authentication Details:<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Connection Request Policy Name: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Secure Wireless Connections<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Network Policy Name: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Authentication Provider: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Windows<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Authentication Server: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Vulcan.Domain.com<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Authentication Type: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;EAP<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;EAP Type: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;-<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Account Session Identifier: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;30344642343636342D30303030<wbr />30303132<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Logging Results: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Accounting information was written to the local log file.<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Reason Code: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;48<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Reason: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;The connection request did not match any configured network policy.
</div>


<div>
Here is a screenshot of the config.... please let me know is this helps.<br />
<a href="https://filedb.experts-exchange.com/incoming/2018/01_w05/1267833/NPSConfig.jpg" target="_blank" class="file-inline" title="NPSConfig.jpg (82 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>NPSConfig.jpg</a>
</div>


NPSConfig.jpg

<div>
what is funny about this issue. &nbsp;Some users are able to connect, all laptop users are part of the Wireless AD group. &nbsp;why would the authentication type be EAP ? the users is typing their credeintials...... (domain\username) and password.... but the computer is what being authenticated.
</div>


<div>
Open the properties of the Network Policy, go to the Constraints tab, under Authentication Methods select the EAP type and click Edit - please post a screenshot of this.<br />
Back under Authentication Methods, you should be able to uncheck MS-CHAP-v2 and MS-CHAP (not needed - these are different than PEAP MS-CHAP-v2).<br />
<br />
Are you wanting to authenticate users, or computers?<br />
Are the wireless settings configured via Group Policy, or just on individual computers?
</div>


<div>
possible the &quot;NAS Port type&quot; don't match.<br />
if there are no other policies remove this selector or try to use another...
</div>


<div>
FWIW, the NAS Port Type as set is what I would expect to see for authenticating wireless users. &nbsp;I would expect if this wasn't correct then no users would be able to connect.
</div>


<div>
Here are properties for EAP settings<br />
<br />
Thank you!<br />
<a href="https://filedb.experts-exchange.com/incoming/2018/02_w05/1268324/EAP.png" target="_blank" class="file-inline" title="EAP.png (13 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>EAP.png</a><br />
<a href="https://filedb.experts-exchange.com/incoming/2018/02_w05/1268325/EAP2.png" target="_blank" class="file-inline" title="EAP2.png (14 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>EAP2.png</a>
</div>


EAP.png

EAP2.png

<div>
Footech<br />
<br />
&nbsp; &nbsp;I am authenticating users not computers. I do not use GPO for clients settings. &nbsp;I will try creating &nbsp;the wireless profile manually &nbsp;using PEAP and report back.
</div>


<div>
I will try creating manually as suggested. Thank you,.
</div>


<div>
<div class="content wysiwyg-content">
I configured a AD NPS server to authenticate users in a particular AD Group ( not computers). &nbsp;Users are unable to connect, I see the errors in the NPS logs : Event ID 6273 Reason &nbsp;Code: 48. &nbsp;and the Authentication Type is EAP. &nbsp;and it Is denying access to the computer account, event though the user is entering their AD credential is the form of domain\Usename
</div>
</div>


I configured a AD NPS server to authenticate users in a particular AD Group ( not computers).  Users are unable to connect, I see the errors in the NPS logs : Event ID 6273 Reason  Code: 48.  and the Authentication Type is EAP.  and it Is denying access to the computer account, event though the user is entering their AD credential is the form of domain\Usename

Authentication Issues with NPS and Wireless  802.1x

Wireless networking is anything related to the transfer of data between two (or more) devices without the use of a physical connection, ranging from getting advice on a new Bluetooth headset to configuring sophisticated enterprise level networks.