I am having trouble in a Wireless 802.1x EAP-TLS (PEAP) environment using Windows Server 2008 R2 & NPS (AD PKI environment in place & working). Computer and User authentication via certificates is being used. On some computers (Win 7 & XP), users are not able to connect to the wireless system (Cisco WLC & APs) if they have not previously logged into the computer while plugged into the wired environment. I am thinking this is because the user certificate is not installed on the machine yet. Looking for confirmation of this. I should note that the user IS able to log in for the first time, so it is authenticating against AD initially (probably because the computer account is connected to wireless at this point); it's just that once they are logged in, the wireless will not connect (no user cert.).
The strange thing is, on some other brands/models of laptops we can connect to the wireless system right away after logging in as these same users on their first login to a particular machine. What is the expected behavior here? Any tips on getting these machines that need the user to log in while wired first (to obtain the user cert.) to work without requiring the wired connection? If this is an expected behavior, it should never work without having the user sign on the first time while wired, right?
Thank you!
-Chris