We have a Network Access Protection server on a Windows Server 2012 box configured against 20 devices, and it works perfectly for all but 2 devices that won't work with it no matter what we do. These use a configuration template that is the same as 13 of the working devices (Cisco Meraki devices).
The testing we have done is as follows.
From a working device:
- Tested a valid account, followed the traffic across our network to the server; at each stage we can see the valid traffic, in the NAP logs we can see the request being approved, and in Event Viewer we can follow the request policies, and we can follow the traffic back.
- Tested an invalid account; again we can see all stages, and in the NPS log the deny and in Event Viewer the deny event.
From the non-working device:
- Testing a valid account, we can see the request traffic across the network and we can see it reach the server, but neither the NAP log nor Event Viewer show the request completed or failed, and no traffic is returned to the device.
- Testing from an invalid account, we can see the request traffic across the network and we can see it reach the server, and we can see the invalid request in the logs and Event Viewer.
As you can see this is an oddity that we currently can't explain. We know the traffic can respond to invalid requests, so communication is there. The device uses a default configuration that works elsewhere, and all the same firewall rules are applied to the working sites and the broken sites. I've had Microsoft investigate the server and they say the configuration is correct and there is nothing wrong, and Cisco have confirmed the device configuration is valid and correct.
So basically we are at our wits' end. Has anyone come across anything similar, and if so how did you resolve it?
Thanks in advance.