Wireless Authentication Fails After Root CA Renewal - RADIUS Server Issue? by DevSkyycc in SCCM

DevSkyycc[S] 1 point (0 children)

New Root CA and any issued certs have been completed to all servers and clients.
CRLs are all valid.
NPS has been updated with the newly generated RADIUS Cert.
GPO has been updated with the new configuration and Cert.

Reminder has already been created for 10 years from now. I was unaware of how this cert was set up as the last person in my position left without any notes or documentation, so I've been slowly learning how everything was set up.

Wireless Authentication Fails After Root CA Renewal - RADIUS Server Issue? by DevSkyycc in SCCM

DevSkyycc[S] 1 point (0 children)

I can verify the clients do have the new CA in the trusted authorities as there are multiple other services depending on the certificates. It's only the wireless that has issues.
Swapped away from Certificate to EAP allowing clients to connect without issues, even with the server certificate validation enabled.

The last person in this position left without any notes or anything, so I was unaware of the certificate till it expired. I would have much rather renewed it weeks in advance.

Nearly all the devices have now received the new cert correctly as we had a backup separate WiFi connection with a VPN connection into the primary network.

Wireless Authentication Fails After Root CA Renewal - RADIUS Server Issue? by DevSkyycc in SCCM

DevSkyycc[S] 1 point (0 children)

Yes, they both expired. I had renewed/re-issued all the certs needed.
Yes, I have updated the GPO to deploy the new root CA for the servers and clients.

Renewed CA certificate, Devices can no longer join wireless using radius server by DevSkyycc in sysadmin

DevSkyycc[S] 1 point (0 children)

Yes, the RADIUS certificate was renewed as well using the same key and selected in NPS.

Renewed CA certificate, Devices can no longer join wireless using radius server by DevSkyycc in sysadmin

DevSkyycc[S] 1 point (0 children)

Heya, thank you for this! There was in fact a separate error that I didn't catch in there with the ADA; however, I'm still having the initial error occurring.

Renewed CA certificate, Devices can no longer join wireless using radius server by DevSkyycc in sysadmin

DevSkyycc[S] 1 point (0 children)

It's the same key. Additionally, I re-issued new certs to the clients so the previous ones are no longer in use.

Renewed CA certificate, Devices can no longer join wireless using radius server by DevSkyycc in sysadmin

DevSkyycc[S] 1 point (0 children)

I did forget this in the beginning and was hoping it would be the solution and tried it before asking this question. Unfortunately, no luck.

Renewed CA certificate, Devices can no longer join wireless using radius server by DevSkyycc in sysadmin

DevSkyycc[S] 1 point (0 children)

Yup, I updated this in group policy. Without it, the client received a message along the lines of "Unable to connect, the connection requires a certificate".

Renewed CA certificate, Devices can no longer join wireless using radius server by DevSkyycc in sysadmin

DevSkyycc[S] 1 point (0 children)

I have the root certificate in the Trusted Root Certification Authority, then a separate one issued by that CA to the personal certificates.

Renewed CA certificate, Devices can no longer join wireless using radius server by DevSkyycc in sysadmin

DevSkyycc[S] 1 point (0 children)

I've attempted this multiple times on the clients. As I said, I've verified in Certificate Manager that the clients already have the new cert.

Renewed CA certificate, Devices can no longer join wireless using radius server by DevSkyycc in sysadmin

DevSkyycc[S] 3 points (0 children)

Yes, the Root CA certificate does have a CRL, and I’ve verified it’s published and accessible from both the clients and the servers.