NPS Authenticating with Computer Certificate

Stefano Colombo 221 Reputation points
2020-12-04T16:55:57.673+00:00

I'm having issue while trying to setup certificate based computer authentication with NPS
I've deployed a certificate on the NPS and the computers from internal Microsoft CA
Created a network connection policy with "Microsoft Smartcard or other certificate" as EAP type
I got the error below

log file.
Reason Code: 22
Reason: The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.

Following another thread I also tried to lower the FRAME-MTU size to 1344 but didn't solve

If I use Microsoft PEAP instead it works .

Windows Server Infrastructure
Windows Server Infrastructure
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Infrastructure: A Microsoft solution area focused on providing organizations with a cloud solution that supports their real-world needs and meets evolving regulatory requirements.
547 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Sunny Qi 11,046 Reputation points Microsoft Vendor
    2020-12-07T06:19:24.443+00:00

    Hi,

    Thanks for posting in Q&A platform.

    Could you please help to verify the NPS server was configured to authenticate which kind of client?

    Microsoft: Smart Card or other certificate=EAP-TLS, please make sure that computer certificate and user certificate was installed correctly.

    The following table is the requirements for each authentication method supported by NPS.

    45661-image-1.png

    For more details regarding of Certificate requirements, please refer to the following Microsoft article.

    Certificate requirements when you use EAP-TLS or PEAP with EAP-TLS

    Regarding of Reason Code: 22, please refer to the following article.

    Microsoft Network Policy Server (NPS) Error Code 22

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Best Regards,
    Sunny


    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.