Channel: Network Access Protection forum

Unable to Authenticate with Active Directory via NPS from iPads using EAP and certificates


Hi All,

I have NPS running on Server 2008 R2 Datacenter. The only other services running on the box are IIS and File Services (it is not used as a file server).

We have a Cisco WiFi network using a Cisco 2500 Wireless LAN Controller (WLC) with dozens of APs.

We have several hundred iOS devices (mostly iPhone 6, 6S and 7, iPad and iPad Pro) connecting to the wifi using certificates issued to the users from our internal CA.

This was all working fine when we set it up a year ago.

Suddenly, several months ago, I started noticing that some iPads were not connecting to the wifi. For example, a user would have both an iPhone and an iPad, and the iPhone would connect fine and the iPad using the same user cert would not connect.

I should mention that we use AirWatch as our MDM platform, and the user certs are applied to the user profile in AirWatch.

The iPads that aren't working follow no specific pattern. They are all different iOS versions and different models. Some are even wifi and cellular data models.

I have involved Cisco tech support, and the conclusion was that the WLC and its setup are fine and the logs on the WLC show that the authentication is being rejected by the NPS.

The NPS logs show Event ID 6273; Audit Failure;

Description: Network Policy Server denied access to a user;

Reason code: 23;  

Reason: An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.

I can't identify what changed except a certificate on the server. 

Any help is very much appreciated.

