Why did EAP TLS using Microsoft Internet Authentication Server fail with reason code 295?

Aruba Employee
Aruba Employee

Product and Software: This article applies to all Aruba controllers and ArubaOS 2.5 and later.


Wireless client is configured to use EAP TLS to authenticate with Microsoft Internet Authentication Server (IAS). The access was rejected with reason code 295 and the following reason:


Reason = A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.


The root cause is that the client certificate was issued by intermediate Certificate Authority (CA) and not all the intermediate CA certificates are loaded into the certificate stores in the Windows 2003 server.


You need to load all of the intermediate CA certificates and the root CA certificate into the Windows 2003 server for EAP TLS to work.

Version history
Revision #:
1 of 1
Last update:
‎07-02-2014 09:43 AM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: