Windows 11 > Server 2022 NPS EAP Secure Wifi

Anonymous
2024-02-13T20:08:44+00:00

I had a Windows 2016 server with NPS set up for RADIUS and used EAP for secure wireless connections. It works fine with Windows 10 computers and has for years. Windows 11 clients are unable to access secure wireless using EAP. I set up a new 2022 server hoping it would resolve the issue, but I am still having the same issues. I have read a dozen articles about TLS 1.3 and setting reg on the client to use TLS 1.2 - tried that and it didn't work. Saw some things about Credential Guard as well but not sure that's the issue. Looking for any advice on what to look at. Hoping not to have to spend $500 to open a ticket with MS. Tried enabling TLS 1.0 / 1.1 on the server just to try, but that didn't work either...

Please help!

Rules are security group / domain computers and using an internal CA cert for EAP with client / server authentication, trusted CA.

--- Log for success ----

Network Policy Server granted access to a user.

User:

Security ID:			LOCALDOMAIN\WS0381014$ 

Account Name:			host/WS0381014.LOCALDOMAIN.LOCAL 

Account Domain:			LOCALDOMAIN 

Fully Qualified Account Name:	LOCALDOMAIN\WS0381014$ 

Client Machine:

Security ID:			NULL SID 

Account Name:			- 

Fully Qualified Account Name:	- 

Called Station Identifier:		70-4C-A5-37-C7-8A:Secure-Wireless 

Calling Station Identifier:		C8-E2-65-4A-1A-FA 

NAS:

NAS IPv4 Address:		0.0.0.0 

NAS IPv6 Address:		- 

NAS Identifier:			10.123.123.21/5246-Secure-Wireless 

NAS Port-Type:			Wireless - IEEE 802.11 

NAS Port:			1 

RADIUS Client:

Client Friendly Name:		AP-WS 

Client IP Address:			10.123.123.1 

Authentication Details:

Connection Request Policy Name:	Secure Wireless Connections 

Network Policy Name:		Secure Wireless Connections 

Authentication Provider:		Windows 

Authentication Server:		IIS22.LOCALDOMAIN.LOCAL 

Authentication Type:		PEAP 

EAP Type:			Microsoft: Secured password (EAP-MSCHAP v2) 

Account Session Identifier:		36353945314330333030303034414346 

Logging Results:			Accounting information was written to the local log file.

---- Log for Failure ---

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:

Security ID:			LOCALDOMAIN\username.username 

Account Name:			username.username 

Account Domain:			LOCALDOMAIN 

Fully Qualified Account Name:	LOCALDOMAIN\username.username 

Client Machine:

Security ID:			NULL SID 

Account Name:			- 

Fully Qualified Account Name:	- 

Called Station Identifier:		70-4C-A5-37-C7-8A:Secure-Wireless 

Calling Station Identifier:		C8-E2-65-62-AE-D5 

NAS:

NAS IPv4 Address:		0.0.0.0 

NAS IPv6 Address:		- 

NAS Identifier:			10.232.240.21/5246-Secure-Wireless 

NAS Port-Type:			Wireless - IEEE 802.11 

NAS Port:			1 

RADIUS Client:

Client Friendly Name:		AP-WS 

Client IP Address:			10.123.123.1 

Authentication Details:

Connection Request Policy Name:	Secure Wireless Connections 

Network Policy Name:		- 

Authentication Provider:		Windows 

Authentication Server:		IIS22.LOCALDOMAIN.LOCAL 

Authentication Type:		EAP 

EAP Type:			- 

Account Session Identifier:		36353945314330333030303034394342 

Logging Results:			Accounting information was written to the local log file. 

Reason Code:			48 

Reason:				The connection request did not match any configured network policy.
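
Added example, not part of the original post: a small Python parser that diffs the granted and denied NPS event messages quoted above, field by field. The sample strings are abridged, constructed copies of those two events; the function names and the use of `host/` or a trailing `$` to recognise a machine account are assumptions of this example.

```python
import re

# Constructed samples: abridged from the two NPS event messages quoted in the question.
GRANTED = """Network Policy Server granted access to a user.
User:
  Security ID:  LOCALDOMAIN\\WS0381014$
  Account Name:  host/WS0381014.LOCALDOMAIN.LOCAL
Authentication Details:
  Network Policy Name:  Secure Wireless Connections
  Authentication Type:  PEAP
  EAP Type:  Microsoft: Secured password (EAP-MSCHAP v2)
"""
DENIED = """Network Policy Server denied access to a user.
User:
  Security ID:  LOCALDOMAIN\\username.username
  Account Name:  username.username
Authentication Details:
  Network Policy Name:  -
  Authentication Type:  EAP
  EAP Type:  -
  Reason Code:  48
"""

FIELD = re.compile(r"^\s*([^:]+):\s*(.*?)\s*$")

def parse_event(text):
    """Return {(section, field): value}; a 'Name:' line with no value opens a section."""
    fields, section = {}, ""
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # summary sentence or blank line
        key, value = m.group(1).strip(), m.group(2)
        if value == "":
            section = key
        else:
            fields[(section, key)] = value
    return fields

def identity_kind(account_name):
    """Machine accounts appear as host/<fqdn> or NAME$; anything else is treated as a user."""
    is_machine = account_name.startswith("host/") or account_name.endswith("$")
    return "computer" if is_machine else "user"

def compare(granted_text, denied_text):
    """List the fields that differ, plus the kind of identity each request presented."""
    g, d = parse_event(granted_text), parse_event(denied_text)
    diffs = {k: (g.get(k), d.get(k)) for k in sorted(set(g) | set(d)) if g.get(k) != d.get(k)}
    kinds = tuple(identity_kind(e[("User", "Account Name")]) for e in (g, d))
    return diffs, kinds
```

On the two events above, `compare(GRANTED, DENIED)` shows that the granted request came from a computer account over PEAP, while the denied request presented a user account with Authentication Type EAP and matched no network policy.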

4 answers

  1. Anonymous
    2024-06-06T21:05:56+00:00

    Hello Peter,

    Have you tried to capture the network traffic from a failing client or trace the nwifi.sys WPP ETW provider on the client? Analysis of that data should reveal why NPS was unable to negotiate the use of an EAP type with the client computer.

    Gary

  2. Anonymous
    2024-06-06T14:54:22+00:00

    I was not, so I think I had to move my NPS server to Server 2022 and change the "auth method to smart card or certificate"

  3. Anonymous
    2024-06-06T14:26:04+00:00

    @john dole were you ever able to solve this?

    We are experiencing the same ....

    Tried everything, from adding certificates of the root CA to the trusted publishers --> registry --> certificates certificate store, to adding registry values to the SCHANNEL key, re-enabling TLS 1.0, googling for hours and hours, trying to figure out if there is a case issue in the certificate used (which is not the case).

    Whatever I tried, Windows 10 works fine, but Windows 11 always gives the NPS error 22.
    There is not a single W11 machine that I get connected, always the same result:
    <Reason-Code data_type="0">22</Reason-Code></Event>

    If I don't use computer certificates but authenticate over username / password, everything works fine.

    If anyone has an obvious reason for what this could be... it would be greatly appreciated.

  4. Anonymous
    2024-02-15T05:52:16+00:00

    Hello,

    Are there any differences in how the Windows 11 clients' wireless network settings are configured compared to the working Windows 10 clients, particularly regarding EAP settings or certificates?

    Performing a health check on the network configuration of a Windows 11 client and comparing it with that of a working Windows 10 client can help identify any issues.

    Run netsh wlan show interfaces to display detailed information about the wireless network interface.

    EAP - What's changed in Windows 11 | Microsoft Learn

    The article doesn't cover PEAP-MSCHAPv2 explicitly but does highlight that other EAP methods could also be affected by the stricter validation rules. Double-check your entire certificate infrastructure to ensure compatibility with Windows 11 standards.

    Regards,

    Karlie
