Security

Reply
Occasional Contributor II

802.1x Authentication with Windows NPS

Hi gays,

I have an issue when configuring a 802.1x  PEAP authentication, the NPS service show error message 22 (the EAP type is cannot be processed by the server. 

 

- The type of EAP used is PEAP

- The AD Certificate Services is not deployed, I used ,insteed, a WildCard Public Certificate

- Aruba MM v8 Architecture

-NPS on windows server 2016 datacenter

 

Could you please help me to fix the issue.

 

Best regards

 

MVP Guru

Re: 802.1x Authentication with Windows NPS

Code 22 usually means the NPS was unable to negotiate the use of an Extensible Authentication Protocol (EAP) type with the client computer. Are you certain that both your client and NPS server are correctly configured? Can you test the communication between the MD and the auth server using the below command?

 

https://www.arubanetworks.com/techdocs/ArubaOS_6_5_3_X_Web_Help/Content/ArubaFrameStyles/1CommandList/aaa_test_server.htm


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Highlighted
Guru Elite

Re: 802.1x Authentication with Windows NPS


@Aghiles wrote:

Hi gays,

I have an issue when configuring a 802.1x  PEAP authentication, the NPS service show error message 22 (the EAP type is cannot be processed by the server. 

 

- The type of EAP used is PEAP

- The AD Certificate Services is not deployed, I used ,insteed, a WildCard Public Certificate

- Aruba MM v8 Architecture

-NPS on windows server 2016 datacenter

 

Could you please help me to fix the issue.

 

Best regards

 


You have two issues here:

 

1.  EAP Termination on ArubaOS is not supported (does not work and never has) with Windows IAS or NPS when using machine authentication.  Please disable termination in the 802.1x profile and use a certificate on the NPS server, instead for machine authentication to work.:

https://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Local-Termination-kills-802-1x-Auth-for-computers-in-Active/td-p/13948

 

2.  Using a wildcard certificate for 802.1x is not supported (does not work) for a number of clients.  It is a best practice to issue a Windows Server Certificate from your own Domain CA that all of your domain users already trust.

 

Please see the document attached the post here:  https://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Step-by-Step-How-to-Configure-Microsoft-NPS-2008-Radius-Server/m-p/14392/highlight/true#M6113 to see detailed info about setting up NPS.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: