I've read through many threads in the forums, and looked at various design guides and configuration instructions, including the TechNet article often referenced, PEAP-MS-CHAP v2-based Authentication, but I am still stuck...
I have an NPS set up on Windows Server 2008 R2. I have a policy set up and working, and clients can authenticate (Windows XP, Vista, 7) if the client configuration is changed to remove the setting for "Validate server certificate".
I have a wildcard certificate "*.southplainscollege.edu" installed on the RPS server issued from Verisign. I created it with the server authentication role. The certificate is working for LDAPS and IIS/SSL connections without any problems from clients. But, I can't get the Windows PEAP clients to work. I do not want to join the clients to the domain as these are not college owned computers, but personal computers for students and employees.
The only thing that might be missing is the certificate was not issued with the "SubjectAltName" tag. I just came across that option in an old TechNet article discussing IAS on Windows 2000/2003.
How can I do troubleshooting on the clients to find out where this is failing? As stated, authentication works when "Validate server certificate" is unchecked, but when it is checked, client authentication fails (the user is continuously prompted for their username and password).
Tim Winders | Associate Dean of Information Technology | South Plains College
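
The certificate properties named in the post (wildcard subject, SubjectAltName, server authentication usage) can be read on a client, along with whether that client can build a trusted chain to the certificate. This is an added example, not part of the original post; it assumes the public part of the server certificate has been exported to a `.cer` file, and the path and function name are hypothetical.

```powershell
# Added example (not from the original post).
# Assumption: the NPS server certificate (public part only) was exported to a
# .cer file and copied to the client; the default path below is hypothetical.
function Get-PeapServerCertReport {
    param([string]$Path = 'C:\Temp\nps-server.cer')

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path

    # 2.5.29.17 = Subject Alternative Name, 2.5.29.37 = Enhanced Key Usage
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $ekuExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }

    # Collect the EKU OIDs; the list stays empty if the extension is absent
    $ekuOids = @()
    if ($ekuExt) {
        $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    }

    # Human-readable SAN contents, or a marker when the extension is missing
    $sanText = '(no SubjectAltName extension)'
    if ($sanExt) { $sanText = $sanExt.Format($false) }

    # Build the chain against this machine's own trust stores, so the result
    # reflects what this client trusts rather than what the server trusts
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $trusted = $chain.Build($cert)
    $status  = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    New-Object PSObject -Property @{
        Subject         = $cert.Subject
        IsWildcardName  = ($cert.Subject -match 'CN=\*\.')
        SubjectAltName  = $sanText
        EkuPresent      = [bool]$ekuExt
        # 1.3.6.1.5.5.7.3.1 = Server Authentication
        ServerAuthEku   = ($ekuOids -contains '1.3.6.1.5.5.7.3.1')
        NotAfter        = $cert.NotAfter
        Issuer          = $cert.Issuer
        ChainTrusted    = $trusted
        ChainStatus     = $status
        ChainLength     = $chain.ChainElements.Count
    }
}
```

Run `Get-PeapServerCertReport | Format-List` on one of the affected clients. `ChainTrusted` set to `False` with a `ChainStatus` such as `UntrustedRoot` or `PartialChain` means that client cannot build a path from the certificate to a root it trusts.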