Win7 not accepting cert from NPS

CSCO10662744_2
Level 1

An environment I'm working on has Cisco WLC, MS NPS RADIUS server, and some clients doing WPA2-Enterprise authentication.
For some reason, all the endpoints work, except Win7 clients.

With either self-signed or publicly signed certs, Win7 would prompt for username/password, but after clicking OK, authentication would fail.

Win7 does NOT prompt for user to accept cert, while NPS has a log saying cert is not trusted.
Why would Win7 not prompt for user to accept cert, and how do we enable that prompt?

Is this an NPS-specific issue?
If we use ISE to do RADIUS auth in the backend, would this issue go away?

2 Replies

Philip D'Ath
VIP Alumni

It sounds like the Windows 7 machines are missing the CA certificate that was used to issue the NPS certificate used for the PEAP authentication.

Thanks for the reply.

In the past, even when the CA cert is not in the trust store, Win7 would still prompt user w/ a warning, and user still had a choice to accept/deny.

In this case, the user doesn't even get prompted.

We changed the CN in the cert and created a DNS entry, and somehow that made Win7 clients start prompting users now.

I was curious to know why Win7 didn't prompt, and if this is a specific behavior when NPS is used as the RADIUS server.