Network policy with processing order 2 or above is not getting executed

Nishanth Radjamohane 1 Reputation point
2021-12-03T14:17:25.28+00:00

I have two policies, one for PEAP and the other for TLS. When the PEAP policy has priority 1, clients are able to connect in PEAP and not in TLS,
and when the TLS policy is set to priority 1, clients are able to connect in TLS and not in PEAP.
The error on the server is "Negotiation failed. Proposed methods list from peer is invalid".
The error number is 1005.
What could be the issue?

Windows Server

3 answers

  1. Limitless Technology 39,371 Reputation points
    2021-12-06T09:39:39.153+00:00

    Hi there,

    The underlying issue might be that your Windows server has been configured in such a way that TLS versions 1.0 and 1.1 are disabled and only TLS 1.2 is allowed. However, NPS might still be defaulting to TLS version 1.0.

    It might also be due to an invalid PKI certificate or a NAP issue.

    Here is an article as well for troubleshooting NAP:
    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd348461(v=ws.10)?redirectedfrom=MSDN

    Hope this resolves your query!


  2. Nishanth Radjamohane 1 Reputation point
    2021-12-17T05:04:47.74+00:00

    @Limitless Technology
    Hi,

    Connection to TLS is not the issue. I am successfully able to connect to TLS when the EAP-TLS processing order is set to 1. But when the processing order is set to 2, the client sends a NAK asking for TLS, and Windows Server does not accept the NAK and fails the EAP.

    Why is Windows Server not accepting the NAK from the clients and switching over to the next method, which is TLS?

    Thanks
    Nishanth

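The client NAK described in this thread is an EAP Legacy Nak (RFC 3748, section 5.3.1), in which the peer lists the method types it would accept instead of the one offered. The Python below is an added example, not code from the thread or from NPS: it parses a constructed Nak and shows how the server's list of allowed methods decides between falling back to EAP-TLS and failing. The function names and the sample packet are assumptions made for illustration.

```python
import struct

EAP_RESPONSE = 2          # EAP Code field (RFC 3748 section 4)
EAP_TYPE_NAK = 3          # Legacy Nak (RFC 3748 section 5.3.1)
EAP_METHODS = {13: "EAP-TLS", 25: "PEAP"}   # IANA EAP method type numbers


def parse_legacy_nak(packet: bytes) -> list[int]:
    """Return the method types the peer asks for in a Legacy Nak response."""
    if len(packet) < 5:
        raise ValueError("too short for an EAP response with a Type field")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != EAP_RESPONSE or packet[4] != EAP_TYPE_NAK:
        raise ValueError("not an EAP-Response/Nak")
    if length < 6 or length > len(packet):
        raise ValueError("bad EAP Length field")
    # Bytes beyond Length are padding and ignored; 0 means "no alternative".
    return [t for t in packet[5:length] if t != 0]


def next_method(server_methods: list[int], rejected: int, nak: bytes):
    """Pick the first server-ordered method the peer also listed, else None."""
    wanted = set(parse_legacy_nak(nak))
    for method in server_methods:
        if method != rejected and method in wanted:
            return method
    return None  # no overlap: the negotiation ends in EAP-Failure


def describe(method) -> str:
    return "EAP-Failure" if method is None else EAP_METHODS.get(method, str(method))


# Constructed sample: Response, Identifier 7, Length 6, Type 3 (Nak), wants 13.
SAMPLE_NAK = bytes([EAP_RESPONSE, 7, 0, 6, EAP_TYPE_NAK, 13])

if __name__ == "__main__":
    # The server offered PEAP (25) first and the peer answered with SAMPLE_NAK.
    print("PEAP only:    ", describe(next_method([25], 25, SAMPLE_NAK)))
    print("PEAP then TLS:", describe(next_method([25, 13], 25, SAMPLE_NAK)))
```
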

  3. Nishanth Radjamohane 1 Reputation point
    2021-12-17T05:10:29.677+00:00

    158471-image.png
