Controller Based WLANs

Why did EAP TLS using Microsoft Internet Authentication Server fail with reason code 295?

Product and Software: This article applies to all Aruba controllers and ArubaOS 2.5 and later.


Wireless client is configured to use EAP TLS to authenticate with Microsoft Internet Authentication Server (IAS). The access was rejected with reason code 295 and the following reason:


Reason = A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.


The root cause is that the client certificate was issued by intermediate Certificate Authority (CA) and not all the intermediate CA certificates are loaded into the certificate stores in the Windows 2003 server.


You need to load all of the intermediate CA certificates and the root CA certificate into the Windows 2003 server for EAP TLS to work.

Version History
Revision #:
1 of 1
Last update:
‎07-02-2014 09:43 AM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.