Hi all,
I come to you with a strange issue:
Environment
2012 R2 with NPS installed.
- I have created a connection request policy for NAS port type with 802.1X Wireless - IEEE 802.11 and also Wireless - Other.
- One network policy with grant access, conditions:
  - NAS port type similar to the connection request policy
  - Windows Groups where an OU is pointed
Constraints:
- Authentication method: I have Microsoft smart card or other certificate
Now, with this configuration, all computers with certificates can connect using a Cisco access point that is a client of this RADIUS server.
My problem: I revoked the certificate, but the computer can still connect to the wireless. A new CRL was released and the revoked certificate is there. I deleted all the disk CRL cache from RADIUS and reconfigured ServerCacheTime in SCHANNEL to two minutes; nothing works. The computer with the revoked certificate still connects. I have read about the TLS cache in SCHANNEL, which has a cache time of 10 hours, but we have shrunk that to two minutes. In our test the certificate was revoked 3 hours before our test.
Any suggestions? :)
In logs:
Network Policy Server granted access to a user.
Network Policy Server granted full access to a user because the host met the defined health policy.