05-27-2015 08:00 AM
I'm in the process of updating my certificate on NPS (no ClearPass...yet). I've added the new cert and changed the client policy, but users are unable to connect. I put a device in the debugger and looked at the auth-trace and the user-debug log, and the only thing that stands out is the rad-req and rad-resp. When I move to the new cert the RADIUS server isn't listed in the logs, and when I move it back the RADIUS server is listed. I deleted the configs on the client and re-added them without server validation and I'm still seeing issues.
The new intermediate cert is "thawte SSL CA - G2" vs the old "Thawte SSL CA"
New cert, Failed to connect:
May 27 08:56:13 rad-req -> 00:00:00:00:00:00 11:11:11:11:11:11 122 201
Old cert, Successful connection:
May 27 08:56:47 rad-req -> 00:00:00:00:00:00 11:11:11:11:11:11/nps_svr 19 271
May 27 08:56:47 rad-resp <- 00:00:00:00:00:00 11:11:11:11:11:11/nps_svr 19 191
If anyone has any ideas/suggestions I'm willing to go down the rabbit hole.
05-28-2015 11:32 AM
Just wanted to answer my own question. The certificate wasn't corresponding with the private key so I had to run the command line certutil tool to repair the newly imported certificate.
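For readers hitting the same symptom, here is an added example (not the poster's own commands) that checks whether a certificate in the NPS server's machine store is linked to a private key and, if not, re-associates it with certutil. The post does not say which certutil option was used; `-repairstore` is assumed here, and the thumbprint is a placeholder.

```powershell
# Added example: check the private-key link of a certificate in LocalMachine\My.
# $Thumbprint is a placeholder; pass the thumbprint of the newly imported certificate.
param(
    [string]$Thumbprint = '<THUMBPRINT-OF-NEW-CERT>',
    [switch]$Repair
)

function Get-CertKeyStatus {
    param([string]$StorePath = 'Cert:\LocalMachine\My')
    # One row per certificate, including whether the store has a key linked to it.
    Get-ChildItem -Path $StorePath | ForEach-Object {
        [pscustomobject]@{
            Subject       = $_.Subject
            Issuer        = $_.Issuer
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            HasPrivateKey = $_.HasPrivateKey
        }
    }
}

$status = Get-CertKeyStatus
$status | Sort-Object HasPrivateKey | Format-Table -AutoSize

# Thumbprints copied from the certificate dialog often contain spaces.
$wanted = ($Thumbprint -replace '\s', '').ToUpper()
$target = $status | Where-Object { $_.Thumbprint -eq $wanted }
if (-not $target) {
    Write-Warning "No certificate with thumbprint $Thumbprint in LocalMachine\My."
    return
}

if ($target.HasPrivateKey) {
    # Key link present: print certutil's view of the certificate and its key.
    certutil.exe -verifystore My $target.Thumbprint
} elseif ($Repair) {
    # Assumed fix: re-associate the certificate with the key already on this host.
    certutil.exe -repairstore My $target.Thumbprint
    certutil.exe -verifystore My $target.Thumbprint
} else {
    Write-Warning 'Certificate has no associated private key. Re-run elevated with -Repair.'
}
```

`-repairstore` can only relink a key that already exists on the server, for example when the signing request was generated there; otherwise the certificate has to be imported together with its key.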