Wireless Access

Hi All.

I'm trying to secure our network further by enabling 802.1x on all switchports using PEAP-Chapv2. Backend Server is Windows Server 2019 NPS

All clients can authenticate to port with their username/password as expected.

I'm now trying to get my AP's to authenticate using PEAP as well for easier deployment, but that does not work. On the NPS server I hit the correct policy, but the request is rejected with the error: 

That seems to suggest the AP is trying to use TLS 1.0 or 1.1 which is disabled (i think) on Server 2019 NPS. The NPS uses TLS 1.2 as far as I know. 

Any ideas?

-Keyser

Grab a packet capture of the transaction to see what TLS version is presented in the Client Hello.  If necessary to change, you can then make a registry edit to enable the require TLS version.

Hi All.

I'm trying to secure our network further by enabling 802.1x on all switchports using PEAP-Chapv2. Backend Server is Windows Server 2019 NPS

All clients can authenticate to port with their username/password as expected.

I'm now trying to get my AP's to authenticate using PEAP as well for easier deployment, but that does not work. On the NPS server I hit the correct policy, but the request is rejected with the error: 

That seems to suggest the AP is trying to use TLS 1.0 or 1.1 which is disabled (i think) on Server 2019 NPS. The NPS uses TLS 1.2 as far as I know. 

Any ideas?

-Keyser

Hi All.

I'm trying to secure our network further by enabling 802.1x on all switchports using PEAP-Chapv2. Backend Server is Windows Server 2019 NPS

All clients can authenticate to port with their username/password as expected.

I'm now trying to get my AP's to authenticate using PEAP as well for easier deployment, but that does not work. On the NPS server I hit the correct policy, but the request is rejected with the error: 

That seems to suggest the AP is trying to use TLS 1.0 or 1.1 which is disabled (i think) on Server 2019 NPS. The NPS uses TLS 1.2 as far as I know. 

Any ideas?

-Keyser

Hi,

I think I blogged about this issue a few years ago:

Problems authenticating Aruba access points using PEAP (ap1x) and NPS on Windows Server 2019

Hi All.

I'm trying to secure our network further by enabling 802.1x on all switchports using PEAP-Chapv2. Backend Server is Windows Server 2019 NPS

All clients can authenticate to port with their username/password as expected.

I'm now trying to get my AP's to authenticate using PEAP as well for easier deployment, but that does not work. On the NPS server I hit the correct policy, but the request is rejected with the error: 

That seems to suggest the AP is trying to use TLS 1.0 or 1.1 which is disabled (i think) on Server 2019 NPS. The NPS uses TLS 1.2 as far as I know. 

Any ideas?

-Keyser