I have been dealing with getting this working for some time now. I am not entirely sure what you will all need from me, and I can give whatever you need to assist.
We are using Cisco MS switches and want to implement 802.1x EAP-TLS over Ethernet and have our NPS authenticate the user and place that user on the VLAN they belong in, which is handled by User Group within NPS Conditions. The server has RequireMsgAuth and LimitProxyState to disabled (KB5043417: RADIUS authentication to NPS might fail with the July 2024 security update and later upda...).
While running a packet capture on an end point device utilizing a port with the Meraki Access Policy for 802.1x and the NPS I do see it trying to authenticate, however, it stops at "Access-Request" on the NPS Wireshark log. NPS event viewer does not show anything. Checking CAPI2 logs (certificate logs) on the end device in Event Viewer I see no certificate issues.
I verified that all certs are applied, auth method is set to Smart Card... on both NPS side and 802.3 group policy side yet still cannot authenticate. The NPS is also our domain controller and yes, all computers can do what they need on the DC without issue.
I am sure there is MUCH more info I could give, so please feel free to ask.
Thank you!