Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Multiple WPA2-AES Auths

  • 1.  Multiple WPA2-AES Auths

    MVP
    Posted Aug 27, 2014 01:56 PM

    Customer running Aruba 7210 controller with WPA2-AES network. RADIUS server is Bradford CM3000, which talks to Windows NPS and AD. When a user connects to wireless, they have to enter their username/password twice every time to successfully connect. Is there any controller configuration that might be causing this?

    We're also having an issue with automatically reconnecting to the wireless, but I feel that is more a problem with Group Policy settings or the devices themselves.


    #7210


  • 2.  RE: Multiple WPA2-AES Auths

    Posted Aug 27, 2014 02:00 PM
    That seems like a certificate issue.


  • 3.  RE: Multiple WPA2-AES Auths

    EMPLOYEE
    Posted Aug 27, 2014 02:02 PM

    Are the users being prompted to accept a certificate?



  • 4.  RE: Multiple WPA2-AES Auths

    MVP
    Posted Aug 27, 2014 02:04 PM

    Customer was having issues where the certificate was saying "untrusted" although it was purchased through VeriSign. I'm finding out if it is still an issue, but I was advised that it was being fixed.



  • 5.  RE: Multiple WPA2-AES Auths

    EMPLOYEE
    Posted Aug 27, 2014 02:07 PM

    This is normal behavior. It has nothing to do with the certificate being signed by a public CA. It is saying that the certificate (server) has not been explicitly trusted for the SSID/network.

    Are all of your devices being configured through group policy?



  • 6.  RE: Multiple WPA2-AES Auths

    MVP
    Posted Aug 27, 2014 02:10 PM

    Ok, that's good to know. Yes, all devices are configured through Group Policy. Is there something in Group Policy they are missing?



  • 7.  RE: Multiple WPA2-AES Auths
    Best Answer

    EMPLOYEE
    Posted Aug 27, 2014 02:11 PM

    OK. So make sure that the Root CA (that signed the RADIUS server cert) is checked in the config as well as the server names (common name(s) of the certificate(s)) are entered. See below:

    peap-win-supplicant.png



  • 8.  RE: Multiple WPA2-AES Auths

    MVP
    Posted Aug 28, 2014 04:56 PM

    That seemed to be a major fix for the issues.

    Customer did not have "Verify Server Certificate" checked, so they did not have the cert selected. Also they did not have "Use Windows credentials for authentication" checked, which was why it was not automatically connecting them and prompting them for passwords after logging in. Fixed settings and updated Group Policy on devices.

    We still had a few scattered problems, but determined it was still Microsoft server and Group OU misconfiguration.

    Thanks for the help!



  • 9.  RE: Multiple WPA2-AES Auths

    Posted Aug 27, 2014 02:10 PM

    Also check in the security logs to see what error messages are showing up?

    In the NPS policy, can you please check under the WPA2/AES settings to see if the correct cert was selected?
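
The supplicant settings discussed in this thread (verify server certificate, trusted root CA, server names, use Windows credentials) can be checked in an exported wireless profile. The following is an added example, not part of the original thread: it assumes a profile XML of the kind produced by `netsh wlan export profile`, and the element names (`PerformServerValidation`, `TrustedRootCA`, `ServerNames`, `UseWinLogonCredentials`) are taken from the Windows PEAP/MSCHAPv2 profile schema rather than from the posts. The sample XML, server name and thumbprint are constructed placeholders.

```python
import xml.etree.ElementTree as ET

def _values(root, name):
    """Text of every element whose local (namespace-stripped) tag equals name."""
    return [(el.text or "").strip() for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == name]

def audit_peap_profile(xml_text):
    """Return a list of findings; an empty list means all four checks passed."""
    root = ET.fromstring(xml_text)
    findings = []
    if "false" in (v.lower() for v in _values(root, "PerformServerValidation")):
        findings.append("server certificate validation is disabled")
    if not any(_values(root, "TrustedRootCA")):
        findings.append("no trusted root CA selected for the RADIUS server cert")
    if not any(_values(root, "ServerNames")):
        findings.append("no RADIUS server name (certificate common name) entered")
    if "true" not in (v.lower() for v in _values(root, "UseWinLogonCredentials")):
        findings.append("Windows logon credentials not used; users get prompted")
    return findings

# Constructed sample: a trimmed EAP section, not a real export from the thread.
_TEMPLATE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
 <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
  <Type>25</Type>
  <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
   <ServerValidation>{validation}</ServerValidation>
   <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
    <Type>26</Type>
    <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">
     <UseWinLogonCredentials>{winlogon}</UseWinLogonCredentials>
    </EapType>
   </Eap>
  </EapType>
 </Eap>
</WLANProfile>"""

WEAK = _TEMPLATE.format(
    validation="<PerformServerValidation>false</PerformServerValidation>"
               "<ServerNames></ServerNames>",
    winlogon="false")
HARDENED = _TEMPLATE.format(
    validation="<ServerNames>radius.example.com</ServerNames>"
               "<TrustedRootCA>00 11 22 33 44 55 66 77 88 99 "
               "aa bb cc dd ee ff 00 11 22 33</TrustedRootCA>",  # placeholder
    winlogon="true")

if __name__ == "__main__":
    for label, profile in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_peap_profile(profile) or "OK")
```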