NPS Failure after moving to Server 2019

Scott Keith 0 Reputation points
2023-03-24T18:06:35.61+00:00
I have Meraki APs and am using RADIUS for authentication. We were using Server 2012 R2 and everything was fine. I stood up new 2019 DCs and migrated the RADIUS configuration to the new DC. Now some computers will not connect to RADIUS. In the Event Viewer logs I am getting event ID 6273, reason code 16. I have verified that the users are using the correct credentials, but really I'd like any domain-joined computer to connect to WiFi when they boot up.

For the Connection Request Policy I have:

Conditions - NAS Port Type Wireless - IEEE 802.11 OR Wireless - Other

Settings - Authenticate on the local computer, with override authentication disabled

For the Network Policy I have: 

Windows Groups - Domain Computers or Domain Users

NAS Port Type Wireless - IEEE 802.11 OR Wireless - Other

Authentication Methods - PEAP and EAP-MSCHAPv2

    PEAP is configured with our wildcard GoDaddy cert and fast reconnect enabled.

    EAP Types is Secured password (EAP-MSCHAP v2)

I've added TLS 1.1 to this server and ran updates on both the server and the computers. The ones that are failing are all Windows 10, although most computers connect just fine. I looked in the System event log under SCHANNEL and saw some TLS 1.1 and 1.2 errors, but those were from the 15th, with nothing new since then.

Any ideas? 

1 answer

  1. Limitless Technology 43,951 Reputation points
    2023-03-27T12:24:55.3333333+00:00

    Hello there,

    As you cannot find anything new in the Event Viewer, we might need to dig deeper with Process Monitor to find the exact cause.

    The cause might also be that the firewall silently drops the inbound traffic to ports UDP/1812 or UDP/1813.

    On Windows Server 2019 with the NPS role installed, open an admin command prompt and run the following:

    1. sc sidtype IAS unrestricted

    2. Reboot the server

    3. Attempt the connection

    If it still doesn't work, the following may be required:

    Get-NetFirewallRule -DisplayGroup "Network Policy Server" | where DisplayName -like "*RADIUS*" | Set-NetFirewallRule -Service Any

    And to validate:

    Get-NetFirewallServiceFilter -PolicyStore ActiveStore | Format-Table -Property *

    Then check if the issue was resolved.

    Hope this resolves your query!

    --If the reply is helpful, please upvote and accept it as an answer--

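The answer above applies two changes blindly (the IAS service SID type and the NPS firewall rules' service filter). The following PowerShell script is an added diagnostic, not part of the question or the answer: it reports the current state of both settings so you can see whether the fix is actually needed or has taken effect, and it summarises recent NPS event 6273 rejections by reason code, which is the event and code the question reports. It assumes it is run as Administrator on the Windows Server 2019 NPS host, that the firewall rule group is named "Network Policy Server" as in the answer, and that the IAS service's SID type is stored under the ServiceSidType registry value of its service key (1 = unrestricted); the event field names used (SubjectUserName, ClientName, ReasonCode, Reason, NetworkPolicyName) are those of the 6273 event's EventData.

```powershell
# Added diagnostic script (not from the original post or answer).
# Assumptions: run as Administrator on the NPS host; Security log readable;
# firewall rule group "Network Policy Server" exists (as in the answer).

# 1. Current SID type of the NPS service (IAS). The answer's fix
#    "sc sidtype IAS unrestricted" corresponds to ServiceSidType = 1.
function Get-IasSidType {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\IAS'
    $val = (Get-ItemProperty -Path $key -Name ServiceSidType -ErrorAction SilentlyContinue).ServiceSidType
    switch ($val) {
        1       { 'Unrestricted' }   # what the answer's fix sets
        3       { 'Restricted' }
        0       { 'None' }
        default { 'NotSet' }         # value absent: service SID type never configured
    }
}

# 2. State of the NPS RADIUS firewall rules: enabled, port, and which
#    service the rule is bound to. The answer's fix sets Service to "Any".
function Get-NpsRadiusRuleStatus {
    Get-NetFirewallRule -DisplayGroup 'Network Policy Server' -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*RADIUS*' } |
        ForEach-Object {
            $svc  = ($_ | Get-NetFirewallServiceFilter).Service
            $port = $_ | Get-NetFirewallPortFilter
            [pscustomobject]@{
                Rule      = $_.DisplayName
                Enabled   = $_.Enabled
                Direction = $_.Direction
                Protocol  = $port.Protocol
                LocalPort = ($port.LocalPort -join ',')
                Service   = $svc
                # "Ok" means the rule is on and not restricted to a service SID
                Ok        = ([string]$_.Enabled -eq 'True' -and $svc -eq 'Any')
            }
        }
}

# 3. Recent NPS rejections (event 6273) with the reason code NPS recorded.
#    The Reason text comes from the event itself, so nothing is hard-coded.
function Get-RecentNpsRejects {
    param([int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 6273; StartTime = (Get-Date).AddHours(-$Hours) }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($n in $xml.Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time       = $e.TimeCreated
            User       = $data['SubjectUserName']
            Client     = $data['ClientName']        # the RADIUS client (the AP or controller)
            Policy     = $data['NetworkPolicyName']
            ReasonCode = $data['ReasonCode']
            Reason     = $data['Reason']
        }
    }
}

# --- Report ---
"IAS service SID type : $(Get-IasSidType)"
''
'NPS RADIUS firewall rules:'
Get-NpsRadiusRuleStatus | Format-Table -AutoSize
''
'Event 6273 rejections in the last 24h, grouped by reason code:'
Get-RecentNpsRejects -Hours 24 |
    Group-Object ReasonCode |
    Sort-Object Count -Descending |
    ForEach-Object {
        $sample = $_.Group[0]
        [pscustomobject]@{ ReasonCode = $_.Name; Count = $_.Count; Reason = $sample.Reason; ExamplePolicy = $sample.Policy }
    } | Format-Table -AutoSize
```

Run it before and after applying the answer's two fixes. If every RADIUS rule already shows Service = Any and the SID type is Unrestricted while the 6273 events keep arriving with the same reason code, the firewall is not dropping the packets and the rejection is being made by NPS itself, so the network policy and client-side EAP configuration are the next place to look; if the events stop appearing entirely after the change, the requests were never reaching NPS.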