Occasional Contributor II

Windows NPS server public certificate problem

I have gone through searching the sites and don't seem to find an answer to this.  There are a few dicussions but not clear or direct to my problem.


We are implementing 802.1x authentication with Windows NPS servers.  If we choose to use Windows private AD certificate, users (both PC and MAC) are able to authentication except you have to either ignore validate certificate or add a private certificate to keychain.  But as soon as I switched to a public CA (I got two free trial from and, single cers, not SAN or wildcard), I got error messges on NPS as "The client could not be authenticated  because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server."


From Aruba user-debug log, it shows the user was authenticated successfully for a few seconds and failed right after.


Any help would be much appreciated.   Do I need to upgrade to high end certificate like verisign?



Re: Windows NPS server public certificate problem

Can you please confirm what type of authentication we are trying to accomplish here? EAP-TLS or EAP-PEAP.

Are we terminiating the EAP on the controller? If yes, we need to install the server cert and trusted-ca on the controller.

If no, we need to make sure NPO contains the right authentication type which includes one of the authentication method which client trying to negotiate with the valid cert present on radius.


From the security logs on the NPS server, we need to make sure client is getting the right policy which we are expecting.


Below debugging woud give more info about the communcition between the controller and the server.


From the config mode,


logging level debugging security process authmgr

logging level debuging security subcat aaa


We amy need to disable the debugigng once we found the root cause or done with the troubleshooting to avoid the authmgr module busy on the controller if we have more volume dialing in to the controller.


You can also email me at with the above debugging enabled to look at the issue.


show auth-tracebuf will also provide more information about the client communication against radius server to see where it stops.



Thanks & Regards,

Sriram Subramanian

Technical Support Engineer











Re: Windows NPS server public certificate problem

Thanks much for your call. We found the issue with Cert on the Radius server where there is no private key is attached to the cert; hence we are getting the error message "server reject messages on controller". Please kindly let me know if we still have issues.



Sriram Subramanian

Technical Support Engineer


Occasional Contributor II

Re: Windows NPS server public certificate problem

you are right Sraram.  After I re-installed a new certificate (,  it works out fine for both PC and Mac.  Thanks for the help.



Re: Windows NPS server public certificate problem

HI Yong,

Good news and thanks for the update. Please feel free to get back to us for any help you need.


Thank you,

Sriram S

Technical Support Engineer


Search Airheads
Showing results for 
Search instead for 
Did you mean: