NPS to only authenticate users for wireless access.
I am trying to set up NPS as RADIUS for a wireless router, which should allow authentication by typing in AD user credentials. The laptops that are connecting to the wireless router are not joined to the AD; basically they belong to sales people who do not need to be joined to the domain, but when they are in the office they can use the wireless by entering an AD user (a guest account that I will create and pass on) and connect to the internet. Then I have users with laptops joined to the AD who should use the same wireless router, authenticate themselves with their AD user credentials and gain access to network resources.

I have AD server 2003, NPS is on 2008, wireless router WPA2 and 802.1x.

I have a Win 7 laptop, and when I try to connect to the wireless router it asks me for user & pass; when I put in my userid and pass it does not go through. Now if I go into Wireless Network Connections from Manage wireless connection (Control Panel) and create a wireless profile, then try to connect to the wireless router, it works. I don't want to create a wireless profile for users. I just want the users to find the wireless router, double click to join it and get a user & password box; they should supply an AD user and password and gain access.

With my same setup, if I try to connect my iPhone to the wireless router it asks me for the user credentials, I supply my domain userid and pass, and I get connected. Does anyone know how I can get this working?
May 3rd, 2011 5:36pm

Hi Ninja01,

Thanks for posting here.

> I have a Win 7 laptop and when i try to connect to the wireless router it asks me for User & Pass when i put in my userid and pass it does not go through. Now if i go in Wireless Network Connections from Manage wireless connection (control panel) and create a wireless profile then try to connect to wireless router it works.

Have you also included the domain name when entering the username? Try this: "<domain name>\<user name>" or "<user name>@<domain name>"

Thanks

Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
May 4th, 2011 6:36am

Thanks for replying Tiger Li. I tried both options. Domain\UserName and User@Domain but no success.
May 4th, 2011 5:45pm

Hi Ninja01,

Thanks for the update.

> I have a Win 7 laptop and when i try to connect to the wireless router it asks me for User & Pass when i put in my userid and pass it does not go through. Now if i go in Wireless Network Connections from Manage wireless connection (control panel) and create a wireless profile then try to connect to wireless router it works.

So could you describe the profile you set for the Windows 7 hosts in detail? Which options did you set? For example, the network or 802.1x authentication method, etc.

In my view, if you have deployed Active Directory and joined the clients to the domain, why not just set the wireless connection for all clients by Group Policy? This should make it easier for you to manage the wireless connection and improve the user's experience.

Using Group Policy to Configure Wireless Network Settings
http://technet.microsoft.com/en-us/magazine/gg266419.aspx

Thanks.

Tiger Li
May 5th, 2011 5:48am

Hi Ninja01,

If there is any update on this issue, please feel free to let us know.

Tiger Li
May 9th, 2011 5:00am

Well, I created a new lab for wireless, and I have a Windows 2008 server with AD and NPS installed. I have a wireless router with WPA2 and it also talks back to the NPS server. I am facing the same issue with this as well.

I have an iPhone; when I try to join the wireless I get a userid and password prompt, once I put that in I get a certificate prompt, and once I accept it I get an IP and can get on the internet through the wireless.

Now on the laptop side, it is set up on a different domain, so I created a wireless profile. This is the property info on that:

Connection tab: Connect automatically when network in range: checked
Security tab: WPA2, AES, authentication PEAP, Remember my credentials: unchecked
Settings (Protected EAP Properties window): Validate Server Cert: checked; Authentication Mode (EAP-MSCHAP V2); unchecked "Automatically use my Windows logon name and password (and domain if any)"

With this I get a prompt when I want to connect. I put in the userid and password (domain administrator) and it doesn't connect. In the NPS server log I get event id 6273, "Network Policy Server denied access to a user." It's strange because it authenticates the same user on my iPhone but not on the laptop (Win7).

Anyway, I want the setup to be like how I join the iPhone, so anyone on the network, even if they are not part of the domain, can use the wireless.

I just unchecked Validate Server Certificate in my laptop's wireless profile and it connected. But I really don't want to create profiles; just simply search for the wireless network, find my wireless router, double click it. It should ask for user and password, authenticate from AD and join.
May 10th, 2011 12:40am

Hi Ninja01,

Thanks for posting here.

If unchecking the "Validate Server Certificate" option worked, I suspect that an incorrect certificate setting on the client or server side may be causing this issue. Have you deployed NPS server certificates? Have you also assigned the proper root certificate to the clients?

You may set the 802.1x wireless policy on the RADIUS server by running the wizard:

Create NPS Policies for 802.1X Wireless Using a Wizard
http://technet.microsoft.com/en-us/library/dd183706(WS.10).aspx

We also recommend taking time to read our 802.1x authenticated wireless network deployment guide first if you are going to deploy it in a production environment:

Foundation Network Companion Guide: Deploying 802.1X Authenticated Wireless Access with PEAP-MS-CHAP v2
http://technet.microsoft.com/en-us/library/dd183603(WS.10).aspx

Thanks.

Tiger Li
May 10th, 2011 6:20am

Hi Tiger Li,

The thing is that I do not want to create profiles on any wireless user's computer. We get many sales people that come in for a day, sit in our conference room and want to be able to get on the internet using wireless. Their laptops are not joined to the AD, therefore I would create a user in AD that will give them access to get on the internet.

Ex.: I want to create an internetuser@mydoamin and have this printed out and posted in our conference room, so anyone that comes here and wants to get on the internet will double click on my wireless router, which should ask for userid and password; once they put in internetuser@mydoamin and the password they should be able to get on the internet.

And is there a way to not use the server certificate?
May 10th, 2011 4:50pm

Were you able to resolve the issue?
June 21st, 2011 1:38pm

I got caught up with other tasks and have been busy with them, but still no solution.
July 13th, 2011 8:20pm

Using PEAP always requires a server certificate! If the issuer of the NPS server certificate is trusted by the client then the default config should work, so why not purchase a test certificate from any trusted issuer like Verisign or Go Daddy and configure your NPS to use it?

/Hasain
July 14th, 2011 12:49am
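
A way to check the trust condition described in the last reply, as an added example that is not part of the thread or of Microsoft's guidance: run on a client (such as the Windows 7 laptop) against a copy of the NPS server certificate exported without its private key, it reports whether that machine's own trust stores accept the chain. The file path is a hypothetical placeholder.

```powershell
# Added example: checks whether THIS client would trust the NPS server certificate.
# The default path is a placeholder, not a value from the thread.
param(
    [string]$CertPath = 'C:\Temp\nps-server.cer'   # hypothetical export location
)

$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" $CertPath

# Build the chain against this machine's trust stores. This is the check that
# decides whether "Validate server certificate" can succeed in the PEAP profile.
$chain = New-Object "$x509.X509Chain"
# Revocation lookups are skipped here (assumption: the CRL may be unreachable
# from a client that has not yet joined the network).
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$trusted = $chain.Build($cert)

# Look for an explicit Server Authentication purpose (OID 1.3.6.1.5.5.7.3.1).
$ekuExt = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$serverAuth = $false
if ($ekuExt) {
    $hits = @($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })
    $serverAuth = $hits.Count -gt 0
}

$now = Get-Date
$report = New-Object PSObject -Property @{
    Subject       = $cert.Subject
    Issuer        = $cert.Issuer
    SelfSigned    = ($cert.Subject -eq $cert.Issuer)
    InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
    ServerAuthEku = $serverAuth
    ChainTrusted  = $trusted
    # Typical value when the issuing CA is unknown to the client: UntrustedRoot
    ChainErrors   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}
$report | Format-List
```

A `ChainTrusted` value of `False` with `UntrustedRoot` on a non-domain laptop matches the behaviour reported in the thread: the connection fails with validation checked and succeeds once it is unchecked.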

This topic is archived. No further replies will be accepted.
