Controllerless Networks

We recently put 3 iAP's into production.  We have a Guest SSID with internal accounting, and an Employee one (pretty standard issue).  Employee is authenticated by a RADIUS server with NPS on a Windows Server 2008 R2 machine.

 

Where I'm having the issue, is several clients intermittently can't connect with their AD accounts to the Employee SSID.

 

 

The above image shows some alerts that keep popping up.  Strange thing is, sometimes there's no issue connecting, and others, whatever the device, requires several attempts.

 

The event logs on the RADIUS server don't indicate any issues (especially since the alerts specify 'no response'/connection failure).

 

So firewall or blocking software on the RADIUS server.

 

I'm not sure why they aren't talking consistently.  The fact that it's intermittent is a little strange to me.

 

Has anyone seen this before?  Any ideas?

 

Thanks in advance!

Could you share the output of ?show tech-support? from your network? They can be obtained from the UI at ?Support > AP Tech Support Dump > All Aps > Run > Save"

Sorry, I did this one yesterday and meant to attach it to the first post.  Thanks!

 

Edit:

 

Solved... Turned out to be the VLAN the VC was set to (System\Advanced).  It defaulted to 10 out of the box - I changed it to 1 and it's now solid.

 

Cheers!

MooNBeaR1,

 

Just as a security precaution, whenever you post logs from anything internal from a company, always go through and scrub it of all keys first.

What does VC mean in VLAN?  I'm having somewhat of the same issue.  All the machines are authenticating .1x just fine, but the clients use eap-tls are not making it past the RADIUS server.  I will see the requests come thru on wireshark, but not in the event logs of the NPS server.