Windows Server 2016 - Error EapHost when connecting to NPS from Cisco Access Point

Haraldur Blondal 6 Reputation points
2022-09-19T07:31:53.363+00:00

I have a simple setup: Cisco Access Point (old one AIR-CAP3502I-E-K9), and it is connected to an older Cisco Switch, and to the switch, the same VLAN, I have a Windows 2016 server.

The server has RADIUS, NPS, to authenticate clients connecting to the AP.

When I connect with password and username to the WEP-Enterprise I get the following on the AP:

Associated KEY_MGMT[WPA]

Then the connection fails for the client and this comes

Deauthenticating station xxxx.xxxx.xxxx Reason: Sending station has left the BSS

I check the Event Viewer on the Windows Server and I see I get an application error for EapHost:

Eap method DLL path name validation failed. Error: typeId = 254, authorId=311, vendorId=14122, vendorType= 1

So I go to Register Editor and to ** HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EapHost\Methods\311\254\14122\1**

There I find one .dll file: ** WcnEapPeerProxy.dll** that should be in the System32 folder. But when I search the System32 directory there is non to be found (as it says in the EapHost error message).

I am very new to all this and am playing with a lab setup, I am wondering if this might be the reason for me not getting a connection, rather than some configuration settings in my NPS?

Windows Server Infrastructure
Windows Server Infrastructure
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Infrastructure: A Microsoft solution area focused on providing organizations with a cloud solution that supports their real-world needs and meets evolving regulatory requirements.
535 questions
0 comments No comments
{count} vote

1 answer

Sort by: Most helpful
  1. Limitless Technology 44,211 Reputation points
    2022-09-21T15:21:47.53+00:00

    Hello there,

    Can you post some screen shots of your NPS configuration or can you do an export and post that so we can see if your setting up NPS correctly?

    The clients need to trust the NPS server. The AP should only be passing the cert to NPS.

    To further troubleshooting, please enable NPS trace log following steps below:

    1. Trace start, run "netsh ras set tr * en"
    2. Power on one client to authenticate
    3. Trace stop, run "netsh ras set tr * dis"
      The log will save to Windows\tracing directory\IASSAM.log, you can review the log to Troubleshoot further.

    -----------------------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.