
Explicit EAP error 0x9009030C. Authentication failed due to a user credentials mismatch on NPS server

RONNIE SHIH 5 Reputation points
2024-10-01T18:09:27.51+00:00

We've been having a strange problem related to 802.1x authentication using internal CA certificates against a wireless network that uses 802.1x authentication. Most of the computers don't have issues, but this problem crops up on newly set up machines which have acquired internal certs for 802.1X authentication recently. The Explicit EAP error 0x9009030C pops up on the endpoint Windows 11 PC end. On the Windows NPS RADIUS server side, we see event log ID 6273 "Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect." Sometimes I can wire up the laptop and have the user log in, then the error goes away and wifi connects using 802.1x authentication miraculously. Oftentimes, I need to remote to the PC and launch the certificate management console as a domain account that is a local admin on the laptop to "request new certificate", then the problem also gets fixed. However, I do not have the real root cause that's causing this problem.

Does anyone have any similar experience or insight on this?

Windows for business | Windows Server | User experience | Other

3 answers

  1. RONNIE SHIH 5 Reputation points
    2024-10-14T16:56:40.0166667+00:00

    Disabled the "Verify the server's identity by validating the certificate" option inside the group policy that governs the WLAN 802.1x authentication settings. This seems to have fixed most of the problems.

    I referenced this article:

    https://vcloudnine.de/windows-nps-authentication-failed-with-error-code-16/#:~:text=Logging%20Results:%20Accounting%20information%20was%20written%20to%20the%20local%20log

    I don't see why a reverse server-side certificate check is ever necessary when an internal CA is used for our 802.1x authentication infrastructure. This also shortened the amount of time for the wifi connection, especially during high bandwidth usage inside our SD-WAN.


  2. Konstantin Golovitser 0 Reputation points
    2024-10-14T14:56:03.8+00:00

    Had the same experience but with a wired connection. Troubleshot a lot and noticed that in a network capture on the non-working device, EAPOL packets are missing from the authentication session. Re-enrolling the personal certificate did resolve the problem, but I guess that this is more of a workaround than a solution. Thanks for the hint @Ronnieshi
