Hi Team, we have some wifi ap authenticating AD users through cisco ACS5.3 and ACS point to IAS on win2003 servers for radius proxy, this works well. One of the sites need to setup a NPS on win2008, so I was planning to turn the previous IAS to be backup server and new NPS to be primary. After I did the same setting on the NPS as the old IAS and changed the order on ACS, which point to NPS for primary Radius proxy, I got the error''message-authenticator attribute that is not valid'' in the event log and users authentication discarded. And it didn't go to secondary IAS for authentication either. The settings are almost same, only thing is I couldn't find " Ignor-user-dialin-properties" in the NPS while it exists in IAS. Is this setting a must? (where is it on NPS?)I also tried to re-type the share secret, same issue. Any advice please? And why the IAS did not take effect when the authentication didn't work on the primary NPS? Thanks!
Thanks and best regards, -- KF