certificate for radius authentication not valid

Giovanni Luca Matera 106 Reputation points
2023-01-24T14:05:40.5933333+00:00

Hi everybody,

I configured an NPS server for RADIUS authentication for the Wi-Fi network.

Through the CA I issued a certificate distributed to all clients.

The connection error is "Event 12013 Wlan-AutoConfig 802.1x authentication of wireless network failed".

It shows up when I check the "use my windows user" flag.

Error details:

802.1x authentication of wireless network failed.

Network card: Intel(R) Wi-Fi 6 AX201 160MHz

Interface GUID: {9217eef0-3770-4601-b3f3-07b7a43df0b6}

Local MAC address: BC:F1:71:9F:50:FB

Network SSID: Name-Wi-Fi

BSS Type: Infrastructure

Peer MAC address: 23:65:CI:2F:52:E1

Identity: DOMAIN\Username

User: internship

Domain: DOMAIN

Reason: Received explicit EAP error

Error: 0x80420400

EAP Reason: 0x80420400

EAP root cause string: Unable to connect to network The root certificate on the server required for authentication could not be found in the certificate store. Therefore, the network will not be trusted by the computer.

EAP error: 0x80420400

However, if I manually enter the Domain\Username and password credentials, it logs in without problems.

Can anyone help me?

Thank you very much

Windows for business Windows Server User experience Other

1 answer

  1. Limitless Technology 44,746 Reputation points
    2023-01-25T17:00:13.5666667+00:00

    Hello Giovanni Luca Matera,

    First, to check a quick fix:

    On the Windows machine, try forgetting the network, then connecting to the SSID without ticking "use my Windows user account" at the prompt, and instead typing in your username and password without the domain prefix.

    If that has no effect, and you have verified that the certificate is correctly configured, and it is not expired, then likely it's a protocol issue. The Windows NPS uses schannel for security. Just like how a website uses TLS 1.0 or TLS 1.2 etc, the schannel uses SSL or TLS.

    You can check this reference documentation: https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings

    Area of registry to check out:

    Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

    For example, one key is: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2

    Inside this key you can create a server and client key. Inside the server and client keys, you create two REG_DWORD types named "DisabledByDefault" and "Enabled" and you use 0 or 1 to enable or disable.

    --If the reply is helpful, please Upvote and Accept as answer--
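
A read-only PowerShell check for the two things this thread points at: the SCHANNEL protocol values described in the answer, and the root certificate that the event text says is missing from the certificate store. This is an added example, not code from either poster; the function names are hypothetical and the thumbprint is a placeholder to replace with your own CA's root thumbprint.

```powershell
# Added example: read-only, changes nothing. Function names are hypothetical.
# regedit shows the path with a "Computer\" prefix; PowerShell uses the HKLM: drive.
$SchannelBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    param([string[]]$Protocol = @('TLS 1.0', 'TLS 1.1', 'TLS 1.2'))
    foreach ($p in $Protocol) {
        foreach ($role in 'Client', 'Server') {
            $path  = Join-Path (Join-Path $SchannelBase $p) $role
            # A missing key or value means the OS default applies, so report
            # "not set" instead of treating it as 0.
            $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Protocol          = $p
                Role              = $role
                KeyExists         = Test-Path -Path $path
                Enabled           = if ($null -ne $props.Enabled) { $props.Enabled } else { 'not set' }
                DisabledByDefault = if ($null -ne $props.DisabledByDefault) { $props.DisabledByDefault } else { 'not set' }
            }
        }
    }
}

function Test-RootCaInStore {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Thumbprints copied from the certificate dialog often contain spaces.
    $tp = $Thumbprint -replace '\s', ''
    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        $cert = Get-ChildItem -Path $store | Where-Object Thumbprint -eq $tp
        [pscustomobject]@{
            Store   = $store
            Present = [bool]$cert
            Subject = $cert.Subject
            Expired = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
        }
    }
}

# Run on both the client and the NPS server and compare the two tables.
Get-SchannelProtocolState | Format-Table -AutoSize

# Placeholder value: substitute the thumbprint of the root CA that issued
# the NPS server certificate, then uncomment.
# Test-RootCaInStore -Thumbprint '<ROOT-CA-THUMBPRINT>' | Format-Table -AutoSize
```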
