802.1X Access control with NPS (and AD CA for certificates)
I have currently set it up so that both my company's wired and wireless networks use 802.1X authentication.
I have also set it up so that both wired and wireless clients verify the server's identity by validating its certificate, and I have Active Directory CA auto-enrollment set up to push out the server's certificate.
Everything works great, but I have a problem with new computers (or computers with a freshly installed OS).
The problem is that when I join a computer to the domain and reboot, it fails to connect to the network with Error 265: "The certificate chain was issued by an authority that is not trusted." I suspect that the 802.1X policy kicks in before the computer gets a chance to receive the certificate via GPO. The only way to get around this is to connect to the company's guest wireless network and run 'gpupdate /force' to force a GPO update and receive the certificates; then everything works fine.
Is there a way to fall back to a guest VLAN when 802.1X fails? I am also thinking of disabling certificate verification on the wired network, as I am not sure there is much value in it, assuming our company's physical security is decent.
Any help would be appreciated.
(My client computers run Windows 10, and AD/AD CA/NPS are running on Windows Server 2016.)
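The client-side root cause described above (the machine Trusted Root store does not yet contain the enterprise root CA when the supplicant first tries to validate the NPS server certificate) can be checked and fixed from an elevated PowerShell on the freshly joined client. The script below is an added example, not the original poster's script. Everything environment-specific in it is an assumption: the exported root CA file `C:\Deploy\corp-root-ca.cer` (copied into the image or onto removable media, since the client cannot reach AD through the 802.1X-protected port to fetch it), the placeholder thumbprint, and the ping-to-domain check used to decide when connectivity is back.

```powershell
# Added example for the thread above; not the original poster's script.
# Assumptions (hypothetical, adjust for your environment):
#   - the enterprise root CA certificate has been exported to C:\Deploy\corp-root-ca.cer
#     and copied to the client (in the image or by USB), because the client cannot reach
#     AD over the 802.1X-protected network to pull it down itself;
#   - $ExpectedThumbprint is that root CA's SHA-1 thumbprint (placeholder value here).
# Run in an elevated PowerShell on the freshly joined Windows 10 client.

$RootCerPath        = 'C:\Deploy\corp-root-ca.cer'                # assumption
$ExpectedThumbprint = '0000000000000000000000000000000000000000'   # assumption: your root CA thumbprint

function Test-RootCaTrusted {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Error 265 means this lookup comes back empty: the NPS server certificate chains to
    # a root that is not in the machine's Trusted Root store, so EAP server validation fails.
    [bool](Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $Thumbprint)
}

if (Test-RootCaTrusted $ExpectedThumbprint) {
    Write-Host "Root CA $ExpectedThumbprint is already trusted."
} else {
    # Confirm the file really is our CA before adding anything to the trust store.
    $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $RootCerPath
    if ($cer.Thumbprint -ne $ExpectedThumbprint) {
        throw "$RootCerPath has thumbprint $($cer.Thumbprint), expected $ExpectedThumbprint; not importing."
    }
    Import-Certificate -FilePath $RootCerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
    Write-Host "Imported root CA into LocalMachine\Root."
}

# Restart the wired (dot3svc) and wireless (WlanSvc) supplicants so they re-read the
# trust store and retry 802.1X now instead of at the next reboot.
foreach ($svc in 'dot3svc', 'WlanSvc') {
    if (Get-Service -Name $svc -ErrorAction SilentlyContinue) {
        Restart-Service -Name $svc -Force
    }
}

# Wait (bounded) until the domain answers through the now-authenticated port ...
$domain   = (Get-CimInstance Win32_ComputerSystem).Domain
$deadline = (Get-Date).AddMinutes(2)
while (-not (Test-Connection -ComputerName $domain -Count 1 -Quiet) -and (Get-Date) -lt $deadline) {
    Start-Sleep -Seconds 5
}

# ... then pull computer GPOs (802.1X profile, trusted root policy) and trigger certificate
# auto-enrollment, which is what the guest-wireless-plus-gpupdate workaround did by hand.
gpupdate /target:computer /force
certutil -pulse

# Show what the wired supplicant logged; a successful authentication replaces the Error 265 entry.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Wired-AutoConfig/Operational'
    StartTime = (Get-Date).AddMinutes(-5)
} -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message | Format-Table -AutoSize -Wrap
```

The durable fix is to ship the root CA with the image (or import it in the deployment task sequence before domain join) so the store is never empty on first boot. On the idea of switching off server validation for wired: with PEAP-MSCHAPv2 the server certificate check is the only thing stopping a client from completing the inner handshake against any RADIUS server plugged into the wall, so physical security of the wiring closet has to cover every access jack, not just the switches.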
Re: 802.1X Access control with NPS (and AD CA for certificates)
Noted on this. I will share my scenario with you. Currently, we have a Catalyst switch installed, so I connect my new Meraki switch to it through trunking. My additional question is: do I need to create a guest VLAN on my existing Catalyst switch as well?
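For the fallback question in the original post and the reply's question about whether the guest VLAN has to exist on the Catalyst as well, here is an added example of a Catalyst access-port configuration (classic IOS 15.x `authentication` command syntax, not IBNS 2.0 policy maps). It is not from either poster. The VLAN IDs (10 corporate, 50 guest), the NPS address 10.0.0.10, the shared-secret placeholder and the interface name are all assumptions.

```text
! Global 802.1X / RADIUS setup (NPS address and secret are assumptions)
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
radius server NPS1
 address ipv4 10.0.0.10 auth-port 1812 acct-port 1813
 key <shared-secret-configured-on-NPS>
dot1x system-auth-control
!
! The guest VLAN must be defined on every switch that applies the fallback,
! and allowed on the trunk between the Catalyst and the Meraki.
vlan 50
 name GUEST
!
interface GigabitEthernet1/0/1
 description access port for domain PCs
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 authentication host-mode single-host
 ! re-authenticate every 5 min so a host parked in VLAN 50 moves to VLAN 10
 ! as soon as it has received the root CA and can validate NPS
 authentication periodic
 authentication timer reauthenticate 300
 ! authentication failed (NPS rejected it, or the client gave up on EAP
 ! because it could not validate the server certificate): guest VLAN
 authentication event fail action authorize vlan 50
 ! no supplicant responded at all (printer, live CD): guest VLAN too
 authentication event no-response action authorize vlan 50
 ! NPS unreachable: keep the port usable instead of locking everyone out
 authentication event server dead action authorize vlan 10
 authentication event server alive action reinitialize
 dot1x pae authenticator
 dot1x timeout tx-period 10
 dot1x max-reauth-req 2
 spanning-tree portfast
```

Two caveats. Anything that fails authentication lands in VLAN 50, so it needs the same isolation as the guest wireless. And the fallback only removes the chicken-and-egg for new machines if VLAN 50 can reach the domain controllers for GPO and auto-enrollment, which is exactly the exposure a guest segment is normally designed not to have; that is why putting the root CA into the image is the cleaner fix and the guest VLAN is better treated as a safety net. On the Meraki side the trunk must carry VLAN 50 as well, and the same fallback must be configured on its own access ports if clients connect there.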