Certificate authentication
I've set up an Enterprise Certificate Authority and it issued certificates to the DC, NPS Radius server (RAS and IAS cert template), and Windows Vista workstation (Workstation Authentication cert template).

I've set up an NPS Radius server and configured the Connection Request Policies and Network Policies. The Network Policy is set to only use certificates for authentication, and the NPS Radius server certificate is selected for proof of identity.

The Windows Vista workstation wireless connection is set to use WPA2-Enterprise, AES encryption, and Certificate Authentication. The Certificate Authentication is set as follows:
- Use a certificate on this computer
- Use simple certificate selection
- Validate server certificate
- Trusted Root Certification Authorities
- My CA is selected

When I try to use the wireless connection, I receive an error: "A certificate is required to connect NETWORKNAME."

I've validated that the CA, Radius server, and wireless access point are not causing problems, by selecting other security settings and successfully establishing a connection. For instance, I can set the Client and Radius server to use PEAP and EAP-MSCHAPv2 for authentication, and the wireless connection is established. However, my requirement is to use EAP-TLS.

I would really appreciate any help getting the Vista wireless connection to "find" the computer certificate that shows up in the computer's personal certificate store. Thanks

Update:

I noticed when I logged off or restarted the workstation, that I could ping it from the server. The wireless connection was working. So I requested a user certificate for a domain account, and when that user is logged into the workstation, the wireless connection also works. If I log into the workstation with an account without a user cert, the wireless connection is dropped and I receive the same error again: "A certificate is required to connect NETWORKNAME."

So is there a way to use the computer certificate when a user is logged into the workstation?

I would prefer to not issue user certificates for a few reasons. My users already have smartcards with certificates from another CA, and I wouldn't want to create confusion by adding new user certs into the mix when they try to access something. Also the user certs have to be requested/enrolled manually, and I don't want to manage that process (especially renewal) for hundreds of users, in addition to having to install those user certs on many workstations that are shared by multiple users.
March 10th, 2009 9:36pm

Hi,

Thank you for posting.

To set the authentication mode in Windows Vista, we need to modify the 802.1X network profile. Please refer to the following Knowledge Base article:

How to enable computer-only authentication for a 802.1X-based network in Windows Vista
http://support.microsoft.com/default.aspx?scid=kb;EN-US;929847

Hope this helps.

Thanks.
Nicholas Li - MSFT
March 13th, 2009 12:18pm
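
As an added illustration of the profile change the reply points to (not code from the thread or from Microsoft): a profile exported with `netsh wlan export profile` is an XML file, and this sketch sets the 802.1X `authMode` to `machine` so the computer certificate is used even while a user is logged on. The `authMode` element, its values and its position before `singleSignOn`/`EAPConfig` are taken from the published WLAN profile (OneX) schema rather than from this page; the function names and the sample profile are constructed for the example.

```python
import xml.etree.ElementTree as ET

WLAN_NS = "http://www.microsoft.com/networking/WLAN/profile/v1"
ONEX_NS = "http://www.microsoft.com/networking/OneX/v1"
ET.register_namespace("", WLAN_NS)
ET.register_namespace("onex", ONEX_NS)

# Constructed sample of an exported WPA2-Enterprise profile (EAP settings elided).
# With no authMode element the client uses machineOrUser: machine credentials
# before logon, user credentials afterwards, matching the symptom in the question.
SAMPLE_PROFILE = f"""<WLANProfile xmlns="{WLAN_NS}">
  <name>NETWORKNAME</name>
  <MSM>
    <security>
      <authEncryption>
        <authentication>WPA2</authentication>
        <encryption>AES</encryption>
        <useOneX>true</useOneX>
      </authEncryption>
      <OneX xmlns="{ONEX_NS}">
        <EAPConfig/>
      </OneX>
    </security>
  </MSM>
</WLANProfile>"""

def get_auth_mode(profile_xml):
    """Return the configured authMode, or None when the element is absent."""
    node = ET.fromstring(profile_xml).find(f".//{{{ONEX_NS}}}authMode")
    return None if node is None else node.text

def set_auth_mode(profile_xml, mode="machine"):
    """Return profile XML whose OneX section carries the given authMode."""
    if mode not in ("machineOrUser", "machine", "user", "guest"):
        raise ValueError(f"unsupported authMode: {mode}")
    root = ET.fromstring(profile_xml)
    onex = root.find(f".//{{{ONEX_NS}}}OneX")
    if onex is None:
        raise ValueError("profile has no OneX section (not an 802.1X profile)")
    node = onex.find(f"{{{ONEX_NS}}}authMode")
    if node is None:
        node = ET.Element(f"{{{ONEX_NS}}}authMode")
        # Schema order: authMode precedes singleSignOn and EAPConfig.
        later = {f"{{{ONEX_NS}}}singleSignOn", f"{{{ONEX_NS}}}EAPConfig"}
        index = next((i for i, c in enumerate(onex) if c.tag in later), len(onex))
        onex.insert(index, node)
    node.text = mode
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(set_auth_mode(SAMPLE_PROFILE))
```

The edited file is loaded back with `netsh wlan add profile`; because the serializer rewrites namespace prefixes, compare the result against the exported original before deploying it widely.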
