Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Missing User Auth 802.1x 2504 WLC and Microsoft NPS

Hello all, 

I was hoping to gets some feed back on an 802.1x authentication problem I ran into recently. User authentication for a new 802.1x SSID is not working properly for windows computers. However, it can work on devices like cell phones. 



To give you details on the environment, this is a new 802.1x SSID that is being implemented. It is utilizing a 2504 WLC running 7.6.100 code. The RADIUS server is Microsoft NPS running on a Server 2012 R2 machine. The NPS Server setup  is relatively straight forward. The Connection Request Policy is setup to accept 802.11 clients or wireless other. The Network Policy is also simple, just looking to authenticate and Domain Users. The Authentication is accomplished using PEAP with MSCHAPv2. The certificate in use is a signed cert from the Domain CA and not a 3rd party. 


Problem Description 

OK, the actual problem is authentication on this new 802.1x SSID will not authenticate windows clients properly domain or not domain joined. I have verified that this will work with some employees phones, but consistently doesn't work with windows clients. When I look at the NPS logs the Network Policy never hits and I do not see the clients user account being passed to the NPS server. If I do see the logs the only authentication information passed appears to be the computer account. This is odd because the client will be prompted for username and password if not a domain user and this does not appear in the logs at all. 


Any and all suggestions are appreciated. I'm looking for direction in next steps for troubleshooting and trying to figure out why my network policy is not being applied. 


Best regards,



Are u sure that the CA chain

Are u sure that the CA chain is correct installed on the client?
Are u sure that the wifi profile is correct on the client? default is to use smartcard and not certificates...I saw sometimes..