Alrighty guys, I'm apparently stuck on stupid here. This is my situation. I have two locations. Our main location is a master 3600 with two local 3600s running Aruba OS 5.0.4.7 supporting 300+ AP 105 units running only the base license. This is configured with two networks, one a WPA2 Enterprise network (PEAP/MSCHAPv2) and one an open network secured by captive portal. The WPA2 network authenticates against a Windows 2008 R2 server running NPS for our RADIUS server and allowing both user/password and certificate authentication. Our own employer-assigned machines are configured to use machine authentication only; we do not care who the user is as long as it's one of our own machines. All is well at the main location.
Our new location is a different story. Here again we're using a 3600, but here we have Aruba OS 6.1.3.3 as we're supporting AP 135 units which require 6.x. In addition, this location has the PEF-NG license due to some future plans we have for this location. I've configured the networks identically to the main location. Personal machines and mobile devices work perfectly using WPA2 Enterprise and supplying usernames and passwords. But our own machines fail to log on. Watching from the monitor, I never even see the client on the controller. Normally while anyone is attempting to authenticate, I'll at least see them in the monitor in the logon role. On the NPS side of things, we see the proper policies being applied to the request, but obviously no authentication is occurring.
Things that we knew would trip us up and have already looked at:
* This remote location is connected back to the main location via a site-to-site VPN tunnel, and shares the same IP numbering scheme as the main campus. The NPS is configured to allow a certain pair of /16 networks that provide our wireless access. The new network falls into this scheme.
* The controller has been added as a valid client for the NPS.
Once upon a while back, the AD admin and I found a utility that showed us authentication successes and failures, and I seem to recall this utility NOT being the normal system logs. This helped IMMENSELY in troubleshooting that issue at that time. Anyone happen to know what that is? Primarily though, anyone have any idea what I've missed here? Seems to me that I've missed something stupidly here and I'm going to kick myself.
Thanks for your help!