This has happened a few times across several clients, but a clear-cut solution is not readily available via Google. Then countless hours are lost to troubleshooting 😉 This post hopes to correct both of those situations!
You wake up one day, and a previously working Windows 2008/R2 Network Policy Server (NPS) stops authenticating Windows wireless PEAP clients.
Sometimes when this happens, iPhones/iPads/Androids have reportedly kept working, and only the Windows and Mac systems are unable to connect to the Enterprise Wireless. This just adds to the madness.
In every case this has happened to us, no changes have been made to any part of the wireless infrastructure in months or years.
Related errors in the event log:
– An Access-Request message that does not contain a Message-Authenticator attribute
– A response that is a malformed message.
– A message received was unexpected or badly formatted
Here is what works for us:
1. Start the Network Policy Server MMC
2. Go to Policies->(Your Wireless Policy)->Properties
3. Go to the Constraints tab
4. Make note of the settings for the “Microsoft: Protected EAP (PEAP)” EAP type
5. Remove “Microsoft: Protected EAP (PEAP)” EAP type
6. Add “Microsoft: Smart Card or other certificate” EAP type
7. Click OK
8. Now re-add the “Microsoft: Protected EAP (PEAP)” EAP type, removing the “Microsoft: Smart Card or other certificate” EAP type
9. Click OK
10. Everything magically works again!
FYI… A really helpful RADIUS testing tool is available from Novell at http://www.novell.com/coolsolutions/tools/14377.html.
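The first event-log error above concerns the RADIUS Message-Authenticator attribute (type 80), which RFC 3579 defines as an HMAC-MD5 over the whole packet, keyed with the shared secret and computed with the attribute's value zeroed. The following Python is an added example, not part of the original post or of any NPS tooling: it reports whether a raw Access-Request carries the attribute and whether it verifies. The function names, shared secret and sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80

def attributes(packet):
    """Yield (type, value_offset, value) for each attribute after the 20-byte header."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match packet size")
    pos = 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        alen = packet[pos + 1]
        yield packet[pos], pos + 2, packet[pos + 2:pos + alen]
        pos += alen

def check_message_authenticator(packet, secret):
    """Return 'missing', 'invalid' or 'valid' for a raw RADIUS packet."""
    length = struct.unpack("!H", packet[2:4])[0]
    for atype, offset, value in attributes(packet):
        if atype != MESSAGE_AUTHENTICATOR:
            continue
        if len(value) != 16:
            return "invalid"
        # RFC 3579: HMAC-MD5 over the whole packet with this field zeroed.
        zeroed = packet[:offset] + b"\x00" * 16 + packet[offset + 16:length]
        expected = hmac.new(secret, zeroed, hashlib.md5).digest()
        return "valid" if hmac.compare_digest(expected, value) else "invalid"
    return "missing"

def build_access_request(secret, attrs, sign=True):
    """Constructed test packet: fixed identifier and request authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    if sign:
        body += bytes([MESSAGE_AUTHENTICATOR, 18]) + b"\x00" * 16
    packet = struct.pack("!BBH", ACCESS_REQUEST, 7, 20 + len(body)) + bytes(range(16)) + body
    if sign:
        packet = packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()
    return packet

# Constructed sample: User-Name plus an EAP-Response/Identity for "alice".
SECRET = b"constructed-shared-secret"
ATTRS = [(1, b"alice"), (EAP_MESSAGE, b"\x02\x01\x00\x0a\x01alice")]

if __name__ == "__main__":
    for label, pkt in (("signed", build_access_request(SECRET, ATTRS)),
                       ("unsigned", build_access_request(SECRET, ATTRS, sign=False))):
        print(label, check_message_authenticator(pkt, SECRET))
```

A result of "invalid" on a packet from a known-good client usually points at a shared-secret mismatch between the access point and the RADIUS server, while "missing" matches the first event-log message listed above.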