We are retiring a Server 2003 RADIUS server and moving to NPS on Windows 2012 R2.
I chose to build a new root certificate authority rather than migrate the old one. The new NPS server is also the PDC FSMO role master. We use user certificates for wifi authentication.
Wireless clients can log on if they are Windows 8 or iOS devices. Windows XP and 7 clients all fail. If I uncheck "Validate server certificate", then some clients can log on.
I have verified the CA root certificate, the user certificate with private key, the NPS certificate. Everything seems to be correct. The user certificate is in the Personal/Certificates store. The CA cert is in the Trusted Root Certification Authorities store.
The NPS policy is "smart card" with the proper NPS certificate presented.
What's crazy is that on iPads, you can see the iPad download the correct CA certificate and ask if you accept it. So I know all the shared secrets and access point stuff is correct. But when XP or 7 tries to connect, it fails.
NPS log shows return-code 16, but the certificate is the correct one, and it's a valid account (mine). I've run out of ideas. Any suggestions?
<Event>
<Timestamp data_type="4">08/04/2014 20:02:22.067</Timestamp>
<Computer-Name data_type="1">MEGATRON</Computer-Name>
<Event-Source data_type="1">IAS</Event-Source>
<Class data_type="1">311 1 192.168.0.7 08/04/2014 21:36:55 70</Class>
<EAP-Friendly-Name data_type="1">Microsoft: Smart Card or other certificate</EAP-Friendly-Name>
<Quarantine-Update-Non-Compliant data_type="0">0</Quarantine-Update-Non-Compliant>
<Client-IP-Address data_type="3">192.168.0.5</Client-IP-Address>
<Client-Vendor data_type="0">0</Client-Vendor>
<Client-Friendly-Name data_type="1">sophos</Client-Friendly-Name>
<Proxy-Policy-Name data_type="1">NAP 802.1X (Wireless)</Proxy-Policy-Name>
<Provider-Type data_type="0">1</Provider-Type>
<SAM-Account-Name data_type="1">DOMAIN\user</SAM-Account-Name>
<Fully-Qualifed-User-Name data_type="1">DOMAIN\user</Fully-Qualifed-User-Name>
<Authentication-Type data_type="0">5</Authentication-Type>
<NP-Policy-Name data_type="1">Wifi</NP-Policy-Name>
<Packet-Type data_type="0">3</Packet-Type>
<Reason-Code data_type="0">16</Reason-Code>
</Event>
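For anyone triaging events like the one above, here is an added example (not part of the original post) that parses NPS XML-format log lines and decodes the numeric Packet-Type, Authentication-Type and Reason-Code fields of each Access-Reject. The embedded event is a constructed sample modelled on the post's log, with placeholder host, IP and account names; the reason-code table is deliberately partial and unknown codes are reported numerically.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the NPS XML log format (one <Event> per line, no root).
SAMPLE_LOG = """<Event>
<Timestamp data_type="4">08/04/2014 20:02:22.067</Timestamp>
<Computer-Name data_type="1">NPS01</Computer-Name>
<Event-Source data_type="1">IAS</Event-Source>
<EAP-Friendly-Name data_type="1">Microsoft: Smart Card or other certificate</EAP-Friendly-Name>
<Client-IP-Address data_type="3">192.0.2.5</Client-IP-Address>
<Client-Friendly-Name data_type="1">ap-lobby</Client-Friendly-Name>
<SAM-Account-Name data_type="1">EXAMPLE\\user</SAM-Account-Name>
<Authentication-Type data_type="0">5</Authentication-Type>
<NP-Policy-Name data_type="1">Wifi</NP-Policy-Name>
<Packet-Type data_type="0">3</Packet-Type>
<Reason-Code data_type="0">16</Reason-Code>
</Event>
"""

# RADIUS packet codes as NPS logs them.
PACKET_TYPE = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
               4: "Accounting-Request", 11: "Access-Challenge"}
# NPS Authentication-Type values.
AUTH_TYPE = {1: "PAP", 2: "CHAP", 3: "MS-CHAP", 4: "MS-CHAP v2",
             5: "EAP", 7: "None", 8: "Custom", 11: "PEAP"}
# Partial NPS reason-code table; anything else is reported as its number.
REASON_CODE = {0: "Success",
               16: "Authentication failed due to a user credentials mismatch",
               48: "The connection request did not match any configured network policy",
               66: "The user attempted an authentication method not enabled on the policy"}


def parse_nps_events(text):
    """NPS XML logs write one <Event> per line with no root element,
    so wrap the text in a root before handing it to the XML parser."""
    root = ET.fromstring("<Log>" + text + "</Log>")
    return [{child.tag: child.text for child in ev} for ev in root.findall("Event")]


def summarize_rejects(text):
    """Return one dict per Access-Reject with the numeric fields decoded."""
    rejects = []
    for e in parse_nps_events(text):
        if PACKET_TYPE.get(int(e.get("Packet-Type", -1))) != "Access-Reject":
            continue
        reason = int(e.get("Reason-Code", -1))
        rejects.append({
            "user": e.get("SAM-Account-Name"),
            "policy": e.get("NP-Policy-Name"),
            "auth": AUTH_TYPE.get(int(e.get("Authentication-Type", -1)), "unknown"),
            "eap": e.get("EAP-Friendly-Name"),
            "reason_code": reason,
            "reason": REASON_CODE.get(reason, "unknown code %d" % reason),
        })
    return rejects
```

Running `summarize_rejects` over a real NPS log directory groups failures by decoded reason and authentication type, which separates certificate-validation failures from policy mismatches faster than reading raw events.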