Hello,
I'm working in my organization to deploy a wireless infrastructure for employee access.
My idea was to use PEAP security using our AD domain and NPS.
My lab is working perfectly: a Motorola AP and a DC that also provides the NPS role.
In the real world we have the same Motorola AP, but our NPS (joined to the domain) and CA reside on the same Windows 2008 Enterprise server, and the DC is on a different Windows 2008 Standard server machine.
Same configuration, but no mobile device is able to connect. The local NPS certificate uses the same template generated by the AD CS.
The NPS doesn't show any attempt to connect, but the NPS log file shows the following:
<Event><Timestamp data_type="4">05/31/2013 12:35:42.755</Timestamp><Computer-Name data_type="1">SDBFI-RADIUS01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Acct-Session-Id
data_type="1">70CB7B5E-980C8201F159-0000000088</Acct-Session-Id><Calling-Station-Id data_type="1">98-0C-82-01-F1-59</Calling-Station-Id><Called-Station-Id data_type="1">00-15-70-CB-E2-F1:SDB-OFFICE</Called-Station-Id><Vendor-Specific
data_type="2">00000184020C5344422D4F4646494345</Vendor-Specific><NAS-Port data_type="0">1</NAS-Port><NAS-Port-Type data_type="0">19</NAS-Port-Type><Framed-MTU data_type="0">1400</Framed-MTU><Service-Type
data_type="0">2</Service-Type><NAS-IP-Address data_type="3">10.118.118.253</NAS-IP-Address><NAS-Identifier data_type="1">sdbit-ap01</NAS-Identifier><NAS-Port-Id data_type="1">radio1</NAS-Port-Id><Connect-Info
data_type="1">CONNECT 65Mbps 802.11bgn</Connect-Info><Client-IP-Address data_type="3">10.118.118.253</Client-IP-Address><Client-Vendor data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Class1</Client-Friendly-Name><User-Name
data_type="1">paolo.caforio</User-Name><Proxy-Policy-Name data_type="1">Secure Wireless Connections</Proxy-Policy-Name><Provider-Type data_type="0">1</Provider-Type><SAM-Account-Name data_type="1">INTRANET\paolo.caforio</SAM-Account-Name><Fully-Qualifed-User-Name
data_type="1">INTRANET\paolo.caforio</Fully-Qualifed-User-Name><Class data_type="1">311 1 10.101.1.52 05/29/2013 16:58:59 479</Class><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">05/31/2013 12:35:42.755</Timestamp><Computer-Name data_type="1">SDBFI-RADIUS01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Acct-Session-Id
data_type="1">70CB7B5E-980C8201F159-0000000088</Acct-Session-Id><Class data_type="1">311 1 10.101.1.52 05/29/2013 16:58:59 479</Class><Session-Timeout data_type="0">30</Session-Timeout><Fully-Qualifed-User-Name
data_type="1">INTRANET\paolo.caforio</Fully-Qualifed-User-Name><SAM-Account-Name data_type="1">INTRANET\paolo.caforio</SAM-Account-Name><Client-IP-Address data_type="3">10.118.118.253</Client-IP-Address><Client-Vendor
data_type="0">0</Client-Vendor><Client-Friendly-Name data_type="1">Class1</Client-Friendly-Name><Proxy-Policy-Name data_type="1">Secure Wireless Connections</Proxy-Policy-Name><Provider-Type
data_type="0">1</Provider-Type><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
I didn't find any document that suggests having the NPS on a DC, so I would prefer to keep the two roles on different machines.
Can you suggest a solution to this problem?
thanks,
Paolo
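To make sense of log excerpts like the one above, here is an added example (not from the post or from Microsoft) that parses the NPS "IAS (XML)" log format, groups events by Acct-Session-Id and reports how far each RADIUS exchange got. The sample events are constructed in the same format as the post's log; the packet-type numbers are the standard RADIUS codes (RFC 2865), so a session whose last logged packet is 11 (Access-Challenge) with no following Access-Accept/Reject means the client never answered the server's challenge, which is the pattern in the post.

```python
"""Summarise RADIUS sessions from NPS/IAS XML-format log events."""
import re
import xml.etree.ElementTree as ET

# RADIUS packet codes from RFC 2865 (the values NPS writes in <Packet-Type>).
PACKET_TYPES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
                4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}

# Constructed sample, modelled on the post's log: session 1 stalls after a
# challenge, session 2 completes with an Access-Accept. Real NPS logs put one
# <Event> per line; the parser below also copes with events wrapped over lines.
SAMPLE_LOG = """\
<Event><Timestamp data_type="4">05/31/2013 12:35:42.755</Timestamp><Computer-Name data_type="1">RADIUS01</Computer-Name><Acct-Session-Id data_type="1">SESSION-0001</Acct-Session-Id><Calling-Station-Id data_type="1">00-11-22-33-44-55</Calling-Station-Id><User-Name data_type="1">alice</User-Name><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">05/31/2013 12:35:42.755</Timestamp><Computer-Name data_type="1">RADIUS01</Computer-Name><Acct-Session-Id data_type="1">SESSION-0001</Acct-Session-Id><Session-Timeout data_type="0">30</Session-Timeout><Packet-Type data_type="0">11</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">05/31/2013 12:36:10.002</Timestamp><Computer-Name data_type="1">RADIUS01</Computer-Name><Acct-Session-Id data_type="1">SESSION-0002</Acct-Session-Id><User-Name data_type="1">bob</User-Name><Packet-Type data_type="0">1</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">05/31/2013 12:36:10.415</Timestamp><Computer-Name data_type="1">RADIUS01</Computer-Name><Acct-Session-Id data_type="1">SESSION-0002</Acct-Session-Id><Packet-Type data_type="0">2</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
"""


def parse_events(text):
    """Return one dict per <Event>; data_type="0" attributes become ints."""
    events = []
    for chunk in re.findall(r"<Event>.*?</Event>", text, re.S):
        root = ET.fromstring(chunk)
        event = {}
        for child in root:
            value = (child.text or "").strip()
            event[child.tag] = int(value) if child.get("data_type") == "0" else value
        events.append(event)
    return events


def summarise_sessions(events):
    """Group events by Acct-Session-Id and classify how each exchange ended."""
    sessions = {}
    for event in events:
        sid = event.get("Acct-Session-Id", "<no session id>")
        sess = sessions.setdefault(sid, {"user": None, "packets": [], "reason": None})
        if event.get("User-Name"):
            sess["user"] = event["User-Name"]
        code = event.get("Packet-Type")
        sess["packets"].append(PACKET_TYPES.get(code, "Unknown(%s)" % code))
        sess["reason"] = event.get("Reason-Code")
    for sess in sessions.values():
        last = sess["packets"][-1]
        if last == "Access-Accept":
            sess["outcome"] = "accepted"
        elif last == "Access-Reject":
            sess["outcome"] = "rejected (NPS reason code %s)" % sess["reason"]
        elif last == "Access-Challenge":
            # Server issued a challenge but no later packet was logged: the
            # supplicant dropped the EAP exchange (commonly a certificate it
            # would not trust) rather than NPS rejecting it.
            sess["outcome"] = "stalled after Access-Challenge, no client reply logged"
        else:
            sess["outcome"] = "incomplete"
    return sessions


if __name__ == "__main__":
    for sid, sess in summarise_sessions(parse_events(SAMPLE_LOG)).items():
        print(sid, sess["user"], " -> ".join(sess["packets"]), "=>", sess["outcome"])
```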