11-26-2015 04:44 AM
For 802.1x authentication you need an SSL Server certificate on your RADIUS server; and that certificate must be trusted (and configured) by your client.
You should put the certificate on most cases on the RADIUS server, NPS in your case, however the controller can present a certificate to the client as well. This is called 'Termination' in your 802.1x Authentication profile. Your screenshot shows that the controller terminated the RADIUS connection with its built-in certificate. If you did setup your AD with a certificate, you may need to switch off Termination on the 802.1x authentication profile.
If you need to setup NPS, this post: http://community.arubanetworks.com/t5/Community-Tr
If you have urgent issues, please contact your Aruba partner or Aruba TAC.