I'm in the process of updating my certificate on NPS (no ClearPass... yet). I've added the new cert and changed the client policy, but users are unable to connect. I put a device in the debugger and looked at the auth-trace and the user-debug log, and the only thing that stands out is the rad-req and rad-resp. When I move to the new cert the RADIUS server isn't listed in the logs, and when I move it back the RADIUS server is listed. I deleted the configs on the client and re-added them without server validation and I'm still seeing issues.
The new intermediate cert is "thawte SSL CA - G2" vs the old "Thawte SSL CA".
New cert, Failed to connect:
May 27 08:56:13 rad-req -> 00:00:00:00:00:00 11:11:11:11:11:11 122 201
Old cert, Successful connection:
May 27 08:56:47 rad-req -> 00:00:00:00:00:00 11:11:11:11:11:11/nps_svr 19 271
May 27 08:56:47 rad-resp <- 00:00:00:00:00:00 11:11:11:11:11:11/nps_svr 19 191
If anyone has any ideas/suggestions I'm willing to go down the rabbit hole.
Thanks,
Rosie!