GPO to force specific machine to authenticate self with 802.1x Certificate authentication

Танер Расим 21 Reputation points
2020-11-10T10:26:28.3+00:00

Hello all,

I need your help with 802.1x certificate authentication.

Could you tell me more details about troubleshooting 802.1x authentication with a certificate?

My topology is:
Microsoft Windows Server with Radius Server <------> WLC 5520 Controller <------> AP access point <------>Client laptop.

The goal is to be able to authenticate the Client laptop with a certificate using 802.1x standard

But the problem is with GPO in Microsoft Server to force accept 802.1x authentication with a certificate only one client laptop machine.
But something is wrong, I think something is wrong with GPO.

From where I can start to troubleshoot?

I suspect WPA2 enterprise with domain user name and password is work 802.1x authentication but how can I be sure in that the certificate is used too?

The behavior now is to accept all machines in the domain with domain user name and password.

Someone with experience with this?

I will be happy to receive your comments and advices.

Thanks.

Best regards!

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,317 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Fan Fan 15,326 Reputation points Microsoft Vendor
    2020-11-11T02:43:06.647+00:00

    Hi,
    Welcome to share here!
    When you said something is wrong with GPO, what errors do you see ?
    Was the GPO applied successfully or not applied?
    Run gpudpate /force , any errors ?
    Run the command as administrator: gpresult /h report.html. Confirm if the GPO was applied.
    To check if the certificate was used and the configuration details you can refer to the following link:
    https://integratingit.wordpress.com/2019/07/13/configuring-windows-gpo-for-802-1x-authentication/
    https://www.raydbg.com/2017/How-to-Configure-Wired-Authentication-Settings-via-GPO/
    Please note: The given technical support contact information belongs to a third party and may vary without notice. Microsoft does not guarantee the information accuracy.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.