Windows NPS + Certificate Selection

Matt 1 Reputation point
2024-04-02T19:22:34.55+00:00

Hello,

We've installed a Windows NPS server and are slowly rolling it out into production. We are using Machine Certificates for network auth (i.e. Microsoft: Smart Card or other certificate). We are also using Cisco network switches and Cisco APs.

I have noticed that some PCs do not like it when "Use Simple Certificate Selection" is enabled for the Wired 802 network. For Wi-Fi it didn't seem to matter if that box was checked or not. But, for some reason on Wired it depends on the PC whether or not it will work.

We are using a variety of Lenovo ThinkPads (X1, T470, T470s, T480, T480s, T14, T460, T460s).

It seems very odd that a PC can auth just fine on Wireless, but not Wired, when the same cert is being used for BOTH NAS-Port Types, i.e. wired or wireless...

For the PCs that wouldn't work with this option enabled, I tried re-issuing their certs. But that didn't seem to change anything.

Any help would be greatly appreciated!

-Matt

Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing
Windows for business | Windows Client for IT Pros | Devices and deployment | Configure application groups

1 answer

  1. Jing Zhou 7,765 Reputation points Microsoft External Staff
    2024-04-05T01:39:10.5666667+00:00

    Hello,

    Thank you for posting in Q&A forum.

    If the "Use simple certificate selection" option is checked, the NPS server will select the certificate used for 802.1x authentication automatically. However, it may cause issues if it selects the wrong Root CA.

    To further check this issue, you need to:

    1. Check the certificate configured on the LAN connection.

    2. Check the Root CA used for wired authentication in the NPS policy on the server.

    3. Check whether the two certificates match and whether it is trusted on the NPS server.

    Hope this answer can help you well.

    Best regards,

    Jill Zhou
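
One way to gather the client-side half of the comparison in the steps above, as an added example that is not part of the original answer: on an affected PC, list every machine-store certificate usable for client authentication together with the root it chains to, so a PC holding more than one candidate, or one chaining to an unexpected root, stands out. Variable names and the report layout are this example's own.

```powershell
# Added example: run in an elevated PowerShell session on an affected PC.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$now = Get-Date

# Machine certificates that are in date, have a private key and allow client auth.
$candidates = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -ge $now -and
    # A certificate with no EKU extension is valid for all purposes.
    ($_.EnhancedKeyUsageList.Count -eq 0 -or
     $_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid)
}

$report = foreach ($cert in $candidates) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Local comparison only: skip CRL/OCSP lookups.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $built = $chain.Build($cert)

    # The last chain element is the root when the chain is complete.
    $root = $null
    if ($chain.ChainElements.Count -gt 0) {
        $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    }

    [pscustomobject]@{
        Subject          = $cert.Subject
        Thumbprint       = $cert.Thumbprint
        NotAfter         = $cert.NotAfter
        ChainBuilds      = $built
        ChainStatus      = ($chain.ChainStatus.Status -join ', ')
        RootSubject      = if ($root) { $root.Subject } else { '' }
        RootThumbprint   = if ($root) { $root.Thumbprint } else { '' }
        RootInLocalStore = if ($root) { Test-Path "Cert:\LocalMachine\Root\$($root.Thumbprint)" } else { $false }
    }
}

$report | Format-List

if (@($report).Count -gt 1) {
    Write-Warning 'More than one machine certificate is usable for client authentication; confirm which one the wired profile presents.'
}

# Wired 802.1X profile applied to each interface (needs the Wired AutoConfig service).
netsh lan show profiles
```

Compare each `RootThumbprint` with the root CA referenced for wired authentication in the NPS policy, and run the same script on a PC that authenticates successfully to see what differs.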
