RADIUS WiFi authentication stopped working

sparksitr-adv1 1 Reputation point
2021-09-30T13:13:48.7+00:00

Almost exactly 2 years ago, we setup RADIUS WiFi Authentication for our 4 sites, all with Unifi AP’s (Unifi Controller running on 1 server), connecting to Network Policy Server on our Domain Controller. Out of the blue last week, users at site A discovered WiFi was not connecting, then over the next few days users at site B & C discovered WiFi not connecting, but users as site D have NOT yet been impacted. NPS logs aren’t very helpful, but they do confirm the authentication requests are reaching the NPS server (screenshot below of the log details). We haven’t changed any configurations/settings. Our Certificate Server is on the same domain controller as the NPS and we confirmed the cert is not expired. Since this started occurring exactly 2 years from when we initially set it up and we have 1 site being effected at a time, it seems like something is expiring for each site after 2 years, but the only “site specific” components are the 4 sites in our Unifi AP infrastructure and there doesn’t seem to be anything in Unifi that would expire after 2 years. Maybe it’s just a coincidence. Please advise. Thank you.136699-radius.png

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,206 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 39,396 Reputation points
    2021-10-01T10:10:38.72+00:00

    Hello Sparksitradv1,

    Indeed is a curious because of the timely events. Trusting that you have thoroughly checked the NPS settings, Certificates, and no other changes were applied to the environment: I would suggest to dig deeper in the Error/Warning Security, Application and System events at the CA server and NPS server during the moments of auth rejected. Maybe you will find some unusual suspect there.

    From there I would also collect traces during a Site downtime:

    Advanced 802.1x data collection: https://learn.microsoft.com/en-us/windows/client-management/data-collection-for-802-authentication
    Troubleshooting: https://learn.microsoft.com/en-us/windows/client-management/advanced-troubleshooting-802-authentication

    Hope this helps with your query,

    ---------------------------------------------------------------------------------------------------------------------------------------

    As always if you have any questions please don't hesitate to contact us.

    0 comments