EAP-TLS Certificate Issue on NPS

Error in photo attached. We have made a new Certificate Authority and I think it is functional but I am not 100% sure. I am able to assign certs to one of my DC without an issue and as we setup our Always ON VPN server we are having this issue during the NPS step.

IMG.png
Also as you can see the certificates on the DC

Capture.PNG
LVL 1
Steve HarrisIT AnalystAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MaheshArchitectCommented:
double click existing certificates and ensure that it has associated private key message on general tab

If not then those certs can't be listed

OR check if those certs are installed under local user context instead of local computer, in that case move them to local computer store
Steve HarrisIT AnalystAuthor Commented:
I am assuming you are referring to this, which all the new certs have.
Capture.PNG
And all the certs are located under the local computer store.  :)
MaheshArchitectCommented:
yes, that right, have you tried to reboot NPS server?

OR

If you could try reinstalling NPS role
Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

Peter HutchisonSenior Network Systems SpecialistCommented:
Have you created and assigned certificate on the NPS server itself?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Steve HarrisIT AnalystAuthor Commented:
@Mahesh, restarted yes, reinstall changed nothing.

@peter I have not done this part. I thought it was only for the Domain controller certificates it is looking for.
MaheshArchitectCommented:
Ideally any certificate with Server Authentication as EKU can be used as nps certificate and hence domain controller cert should do the job

the picture attached of certs are from dc which made anybody think that nps is installed on dc itself

But now i realize that you have seperate nps server and in that case you need to enroll it manually
Steve HarrisIT AnalystAuthor Commented:
Yes, I need to work on wording. Attempting to get everything off the DC, so the creation of the NPS was made on another system.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
certificate services

From novice to tech pro — start learning today.