Is there a way to set NPS server connect to specific LDAP server(DC)?

KZMuser 21 Reputation points
2021-09-19T06:59:45.09+00:00

Hi, all

I have a problem with NPS authentication for 802.1X PEAP-MS-CHAPv2 (machine authentication only).

We have 3 sites (SiteA, SiteB, SiteC) in a domain environment.

When a PC joins the domain, the computer object is created on the SiteA DC.

The NPS server does not have the DC role installed; it is just a member server.

When a joined PC tries to connect to the wireless SSID (802.1X PEAP-MS-CHAPv2 machine authentication), the NPS log says the LDAP connection was made to the SiteB DC and that the specific computer object was not found.

So I checked all DCs in the 3 sites; the computer object has not been replicated from SiteA yet.

Is there a way to make the NPS server always connect to the specific SiteA DC first for authentication?

I added the IP subnet of the NPS server to AD SiteA, but it made no difference to the LDAP connection.

I also saw an article about putting all DCs into a Remote RADIUS server group and setting the SiteA DC to priority 1.

Is that possible? The DCs have only the DC role (no NPS role).

Thank you


2 answers

  1. Limitless Technology 39,391 Reputation points
    2021-09-20T10:58:34.84+00:00

    Hello @KZMuser,

    NPSs must be registered in Active Directory so that they have permission to read the dial-in properties of user accounts during the authorization process. Registering an NPS adds the server to the RAS and IAS Servers group in Active Directory.

    Membership in Administrators, or equivalent, is the minimum required to perform these procedures.

    To register an NPS in another domain by using Netsh commands for NPS
    Open Command Prompt or Windows PowerShell.

    Type the following at the command prompt: netsh nps add registeredserver domain server, and then press ENTER.

    In the preceding command, domain is the DNS domain name of the domain where you want to register the NPS, and server is the name of the NPS computer.

    https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-manage-register

    Hope this answers all your queries; if not, please do repost back.
    If an Answer is helpful, please click "Accept Answer" and upvote it : )
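    An added example (not code from the answer above or from Microsoft) that runs the netsh registration the answer cites and then checks its effect in AD: registration should make the NPS computer account a member of "RAS and IAS Servers", which is what lets NPS read account dial-in properties. The domain name corp.example and the host name NPS01 are hypothetical placeholders. Run it elevated on the NPS server with the ActiveDirectory RSAT module installed.

```powershell
# Added example, not code from the original answer. Registers this NPS server in its
# domain with the documented netsh command, then verifies the result directly in AD.
# Hypothetical names: domain corp.example, NPS host NPS01.
Import-Module ActiveDirectory

$Domain = 'corp.example'   # hypothetical DNS domain name
$Nps    = 'NPS01'          # hypothetical NPS computer name

# Register the NPS server (harmless to re-run if it is already registered).
netsh nps add registeredserver $Domain $Nps

# Verify against AD itself rather than trusting the netsh status text:
# registration adds the computer account to "RAS and IAS Servers".
$group   = Get-ADGroup -Identity 'RAS and IAS Servers' -Server $Domain
$members = Get-ADGroupMember -Identity $group -Server $Domain |
           Where-Object objectClass -eq 'computer' |
           Select-Object -ExpandProperty Name

if ($members -contains $Nps) {
    "$Nps is a member of '$($group.Name)': NPS can read account dial-in properties."
} else {
    "$Nps is NOT a member of '$($group.Name)': registration failed, or the DC you queried has not received the change yet."
}
```

    The check queries one DC (whichever -Server resolves to), so a freshly added membership can be missing there until replication catches up; the computer's own token picks up the new group at its next logon, so a restart of the NPS server is the simplest way to make the membership effective immediately.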


  2. KZMuser 21 Reputation points
    2022-05-23T04:35:31.397+00:00

    It is resolved.

    After adding the NPS server's IP subnet to Site A, the LDAP connection was established to DCs in Site A.

    Thank you

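An added example (not code from the thread) that walks the fix the thread settled on: map the NPS server's subnet to Site A, force the DC locator on the NPS server to rediscover its site and DC, and then show on which DCs a given computer object has and has not replicated yet, which is the failure mode the question describes. The domain name corp.example, the subnet 10.20.30.0/24, the site name SiteA and the computer name PC0001 are hypothetical placeholders. Run it on the NPS server with the ActiveDirectory RSAT module, as an account allowed to edit site and subnet objects.

```powershell
# Added example, not code from the original thread. Maps the NPS server's subnet to
# Site A, refreshes the DC locator, and reports the replication state of a computer
# object on every DC. Hypothetical values: corp.example, 10.20.30.0/24, SiteA, PC0001.
Import-Module ActiveDirectory

$Domain     = 'corp.example'   # hypothetical domain
$NpsSubnet  = '10.20.30.0/24'  # hypothetical subnet the NPS server lives in
$TargetSite = 'SiteA'
$Computer   = 'PC0001'         # hypothetical, freshly joined computer object

# 1. Make sure the subnet is mapped to Site A: create it, or re-point it if it exists
#    but belongs to another site. Site membership of a member server is derived from
#    this mapping, not from anything configured on the server itself.
$siteDn = (Get-ADReplicationSite -Identity $TargetSite -Server $Domain).DistinguishedName
$subnet = Get-ADReplicationSubnet -Filter "Name -eq '$NpsSubnet'" -Server $Domain
if (-not $subnet) {
    New-ADReplicationSubnet -Name $NpsSubnet -Site $TargetSite -Server $Domain
    Write-Host "Created subnet $NpsSubnet in site $TargetSite"
} elseif ($subnet.Site -ne $siteDn) {
    Set-ADReplicationSubnet -Identity $NpsSubnet -Site $TargetSite -Server $Domain
    Write-Host "Moved subnet $NpsSubnet to site $TargetSite"
} else {
    Write-Host "Subnet $NpsSubnet is already in site $TargetSite"
}

# 2. The locator caches the site it was told and the DC it found. Re-read the site,
#    force a fresh DC discovery, and reset the secure channel so that Netlogon (and
#    NPS, which uses it) moves to a DC in Site A instead of staying on the old one.
nltest /dsgetsite
nltest "/dsgetdc:$Domain" /force
nltest "/sc_reset:$Domain"

# 3. Ask every DC directly (-Server) for its own copy of the computer object, so the
#    table reflects replication state rather than the locator's choice of DC.
Get-ADDomainController -Filter * -Server $Domain | ForEach-Object {
    try {
        $null  = Get-ADComputer -Identity $Computer -Server $_.HostName -ErrorAction Stop
        $state = 'present'
    } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        $state = 'not replicated yet'
    }
    [pscustomobject]@{ DC = $_.HostName; Site = $_.Site; ComputerObject = $state }
} | Format-Table -AutoSize
```

The site mapping only changes which DC the NPS server prefers; it does not make a new object visible on other sites any sooner. It solves the case in this thread because the computer object is created on a Site A DC, so a Site A DC is the one place the object is guaranteed to exist before replication completes. If a client can authenticate through an NPS server that is not in Site A, it will still fail until replication reaches that site.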