Windows 10: Windows Endpoint stop sending RADIUS Authentication

Dear Team,We have many endpoint enabled RADIUS authentication via our NAC Solution Forescout. Around 2000+ Endpoints are authenticated via EAP-TLS Certificate but during Friday Morning, We noticed that many endpoint start failing authentication and try to use MAC Address to authenticated with our NAC which cause Authentication failed. I have raised ticket via Forescout Support and they said issue is coming from endpoint itself.on Endpoint, We could see that Endpoint are not sending any authentication entity such as Username....etc for authentication.Endpoint Error Message is:ConnectionID 0x2

:)

 

Radius server + WLC and Client Certificate Authentication

Hello people,

We have an issue with our radius server.

I will explain what is our goal and what configuration we have so far:

Our goal is to authenticate clients in the domain using WLC and Client Certificate Authentication.

Each client in our domain has a unique personal certificate.

The idea is when an employee opens his PC automatically connects to the specified by the GPO recommended network by using the certificate and not the username and password.



Currently, we configured the WLC Cisco controller to receive the client certificate, authenticate it and provide the IP address(of course if the policies are validated).

Afterward that the WLC controller has to send the request to the radius server. The radius should check if the certificate is valid (not expired) and not included in the revocation list.

Here our issue came. It seems that the radius cannot access the revocation list and cannot check if the certificate is revoked.

We validated that by disabling the revocation list check in the Radius server registry settings.

If we set it to ignore the revocation list check, the authentication succeeds, and the client is authenticated successfully.

The thing is that this way we lower the security of the connection significantly and we would like to make sure the certificate is validated against the revocation list.

At the same time, there are no issues in the connection between the RADIUS server and the server where the revocation list is stored/published.



Could you please let me know if there is any specific configuration that should be made in order for the radius to be able to check the status of the authenticated certificate in the revocation list?

Is there any configuration guide that we have to follow in order to implement the necessary configuration in the most proper way?

 

AP unable to authenticate to RADIUS server

Hi,



Thank you for writing to Microsoft Community Forums.



We understand the difficulties as AP is unable to authenticate a RADIUS server.



In this scenario, we would suggest you to post your query in
TechNet forums, where we have experts and support professionals
who are well equipped with the knowledge on Access Protection to assist you with the appropriate troubleshooting steps



Aditya Roy

Microsoft Community – Moderator

 

windows RADIUS 2022 NPS server

I have recently installed windows 2022 radius server and will need to understand about certificate and cisco switch configuration to authenticate and activate aaa.

Could you please provide me step by step process to configure cisco switch and certificate? ?