sbppchelp
Certificate Authority - Wireless Network GPO - PEAP
I just created a GPO to automatically connect to wifi networks using PEAP. I installed a Certificate Authority, created the GPO, and applied to a test GPO. My Windows 10 laptop is connecting. My Windows 7 laptop is not.
The error in the NPS log for the Windows 7 failure is
ReasonCode 265
Reason The certificate chain was issued by an authority that is not trusted.
On my Windows 7 laptop, I ran gpupdate /force multiple times and rebooted while connected via ethernet cable multiple times. I didn't do anything in particular to get the Windows 10 laptop to see the freshly installed Certificate Authority. Is there anything I have to do to force the Windows 7 laptop to see it?
Certificate Authority - Server1 (2012 R2)
NPS Server - Server2 (2016)
RADIUS Client - Wireless Access Controller
The instructions I followed to set this up: https://www.youtube.com/watch?v=-wY_52F5S9E
Please refer to the attached snapshot from your YouTube link, where it suggests how to select the CA server.
Capture.JPG
ASKER
Thanks for the reply. My appropriate CA server is checked for my network. I know the GPO is set correctly because the policy is working for 3 out of 4 of my test machines.
ASKER
Update: I tried disjoining and rejoining the problematic Win 7 laptop to the domain in the hope that it would download a fresh copy of everything domain related. That didn't work. I'm still getting the same error on the NPS server and not getting connected to the new wireless network.
"The certificate chain was issued by an authority that is not trusted." Other test machines (both Win 10 and Win 7) are connecting automatically.
ASKER
Solved: I opened the certificates MMC from one of the working laptops and compared to the laptop that wasn't working. I verified the laptop that wasn't working didn't have the certificate from the newly installed Certificate Authority. I exported the cert from a working laptop and imported into the same location on the non-working laptop. It connects. This issue is resolved, but I still don't know why the laptop didn't get the certificate automatically from the domain during GPUpdate /force, during reboots or while disjoining and rejoining. I probably have a larger communication issue with this client and the domain. I'll figure that out another day.
Great!! Thanks for sharing the solution.
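The store comparison described in the solved post above can be scripted instead of done by eye in the MMC. This is an added example, not code from the thread or its participants; the store path (machine Trusted Root Certification Authorities) and the baseline file name are assumptions, since the thread does not say which store the certificate was imported into.

```powershell
# Added example: diff a certificate store between a working and a failing client.
# Save as a .ps1 file. Uses only cmdlets available in PowerShell 2.0 (Windows 7).
param(
    [ValidateSet('Export', 'Compare')]
    [string]$Mode = 'Export',
    # Assumed store; the thread does not name the store that was compared.
    [string]$Store = 'Cert:\LocalMachine\Root',
    # Hypothetical file name, copied from the working laptop to the failing one.
    [string]$Baseline = '.\root-store-baseline.csv'
)

function Get-StoreInventory([string]$Path) {
    # One row per certificate; the thumbprint identifies the exact certificate.
    Get-ChildItem -Path $Path |
        Select-Object Thumbprint, Subject, Issuer, NotAfter |
        Sort-Object Thumbprint
}

if ($Mode -eq 'Export') {
    # Run on a laptop that connects to the PEAP network successfully.
    Get-StoreInventory $Store | Export-Csv -Path $Baseline -NoTypeInformation
    Write-Output "Wrote inventory of $Store to $Baseline"
    return
}

# Compare mode: run on the laptop that produces ReasonCode 265 in the NPS log.
$expected = @(Import-Csv -Path $Baseline)
$actual   = @(Get-StoreInventory $Store)

# Index the local thumbprints so the lookup also works when a store is empty.
$have = @{}
foreach ($cert in $actual) { $have[$cert.Thumbprint] = $true }

$missing = @($expected | Where-Object { -not $have.ContainsKey($_.Thumbprint) })

if ($missing.Count -eq 0) {
    Write-Output "No certificates from the baseline are missing in $Store."
} else {
    Write-Output "Certificates on the working laptop but missing here:"
    $missing | Format-Table Subject, Issuer, NotAfter, Thumbprint -AutoSize
}
```

Run it with `-Mode Export` on a working laptop, copy the CSV across, then run it with `-Mode Compare` on the failing one; the new CA's certificate should appear in the missing list if the client never received it from the domain.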