question

sparksitradv1-0670 asked LimitlessTechnology-2700 answered

RADIUS WiFi authentication stopped working

Almost exactly 2 years ago, we set up RADIUS WiFi Authentication for our 4 sites, all with Unifi APs (Unifi Controller running on 1 server), connecting to Network Policy Server on our Domain Controller. Out of the blue last week, users at site A discovered WiFi was not connecting, then over the next few days users at site B & C discovered WiFi not connecting, but users at site D have NOT yet been impacted. NPS logs aren’t very helpful, but they do confirm the authentication requests are reaching the NPS server (screenshot below of the log details). We haven’t changed any configurations/settings. Our Certificate Server is on the same domain controller as the NPS and we confirmed the cert is not expired. Since this started occurring exactly 2 years from when we initially set it up and we have 1 site being affected at a time, it seems like something is expiring for each site after 2 years, but the only “site specific” components are the 4 sites in our Unifi AP infrastructure and there doesn’t seem to be anything in Unifi that would expire after 2 years. Maybe it’s just a coincidence. Please advise. Thank you.


windows-network-access-protection
radius.png (8.7 KiB)

1 Answer

LimitlessTechnology-2700 answered

Hello Sparksitradv1,

Indeed, it is curious because of the timing of the events. Trusting that you have thoroughly checked the NPS settings and certificates, and that no other changes were applied to the environment, I would suggest digging deeper into the Error/Warning Security, Application and System events on the CA server and NPS server at the moments when authentication was rejected. Maybe you will find some unusual suspect there.

From there I would also collect traces during a Site downtime:

Advanced 802.1x data collection: https://docs.microsoft.com/en-us/windows/client-management/data-collection-for-802-authentication
Troubleshooting: https://docs.microsoft.com/en-us/windows/client-management/advanced-troubleshooting-802-authentication

Hope this helps with your query,



As always if you have any questions please don't hesitate to contact us.
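
An added example, not part of the original thread: one way to follow the answer's suggestion on the NPS server is to summarize Security event 6273 (NPS denied access) per RADIUS client and reason code, so the order in which each site's access points started failing becomes visible. `Get-NpsRejectSummary` is a hypothetical helper name, and the sample events, client names, addresses and reason values are constructed.

```powershell
# Added example. Get-NpsRejectSummary is a hypothetical helper, not a built-in cmdlet.
function Get-NpsRejectSummary {
    param([Parameter(Mandatory)][string[]]$EventXml)
    $rows = foreach ($x in $EventXml) {
        $e = ([xml]$x).Event
        # 6273 = "Network Policy Server denied access to a user"
        if ($e.System['EventID'].InnerText -ne '6273') { continue }
        $d = @{}
        foreach ($n in $e.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time       = ([datetime]$e.System.TimeCreated.SystemTime).ToUniversalTime()
            Client     = $d['ClientName']       # RADIUS client friendly name in NPS
            NasIp      = $d['NASIPv4Address']
            ReasonCode = $d['ReasonCode']
            Reason     = $d['Reason']
        }
    }
    # One row per (RADIUS client, reason code), ordered by first rejection
    $rows | Group-Object Client, ReasonCode | ForEach-Object {
        $t = @($_.Group | Sort-Object Time)
        [pscustomobject]@{
            Client = $t[0].Client; NasIp = $t[0].NasIp
            ReasonCode = $t[0].ReasonCode; Reason = $t[0].Reason
            Count = $_.Count; FirstSeen = $t[0].Time; LastSeen = $t[-1].Time
        }
    } | Sort-Object FirstSeen
}

# Constructed sample events (trimmed to the fields used above). On the NPS server,
# feed real events instead:
#   $xml = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=6273;
#            StartTime=(Get-Date).AddDays(-14)} | ForEach-Object { $_.ToXml() }
$tpl = '<Event><System><EventID>{0}</EventID><TimeCreated SystemTime="{1}"/></System>' +
       '<EventData><Data Name="ClientName">{2}</Data><Data Name="NASIPv4Address">{3}</Data>' +
       '<Data Name="ReasonCode">{4}</Data><Data Name="Reason">{5}</Data></EventData></Event>'
$sample = @(
    $tpl -f 6273, '2022-01-10T08:01:00Z', 'SiteA-AP', '10.1.0.10', '23', 'constructed reason A'
    $tpl -f 6273, '2022-01-10T08:05:00Z', 'SiteA-AP', '10.1.0.10', '23', 'constructed reason A'
    $tpl -f 6273, '2022-01-12T09:30:00Z', 'SiteB-AP', '10.2.0.10', '23', 'constructed reason A'
    $tpl -f 6272, '2022-01-12T09:31:00Z', 'SiteD-AP', '10.4.0.10', '0',  'constructed (granted)'
)
Get-NpsRejectSummary -EventXml $sample | Format-Table -AutoSize
```

The same reason code appearing for each site in turn points at a shared cause on the server side, while different codes per site point at the individual RADIUS clients.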
