Product and Software: This article applies to all Aruba controllers and ArubaOS 2.5 and later.
Wireless client is configured to use EAP TLS to authenticate with Microsoft Internet Authentication Server (IAS). The access was rejected with reason code 295 and the following reason:
Reason = A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
The root cause is that the client certificate was issued by intermediate Certificate Authority (CA) and not all the intermediate CA certificates are loaded into the certificate stores in the Windows 2003 server.
You need to load all of the intermediate CA certificates and the root CA certificate into the Windows 2003 server for EAP TLS to work.