Meraki MR33 AP unable to authenticate to RADIUS server

NSM
Here to help

RADIUS is running on NPS Windows 2016 Datacenter

AP is Meraki MR33

I have tried just about everything I can think of in this configuration and cannot get a connection. I have looked over some of the other articles in the forum also but no success. If anyone can point out a flaw or something I have missed here it would be greatly appreciated! Config info is in text; I can attach screenshots if anyone needs them for reference for the RADIUS server, the GPO applied and the Meraki config.

Following NPS configuration information:

NPS Server, WIN 2016 DC

Enrolled in AD Services

Certificate from CA applied

RADIUS Clients: 10.0.0.0/8 

Manually Generated Shared Secret correct between devices 

Vendor Name as RADIUS Standard

Connection Request Policies:

Policy: enabled

Type of server: unspecified

Conditions:

NAS Port type: Wireless IEEE 802.11 OR Wireless Other

Settings:

Authentication: authenticate requests on this server

No Accounting

Attribute type: Caller-Station-Id

No other settings applied

Network Policies:

Policy: enabled

Grant Access

Ignore user account dial-in properties

Type of server: unspecified

Conditions:

Wireless IEEE 802.11 OR Wireless Other

User Groups: (domain name)\domain users and (domain name)\domain computers

Constraints:

Auth methods, EAP Types (in listed order top to bottom): MS Secured Password (EAP-MSCHAP v2), MS Protected EAP (PEAP), MS Smart Card or other cert

Idle Timeout, Session Timeout, Calling-Station-ID and day/time restrictions not configured/default

NAS Port Type: Wireless IEEE 802.11 OR Wireless Other

Settings:

Framed Protocol: PPP

Service Type: Framed

Vendor specific: none

BAP: server settings determine...

IP filters: none

Encryption: 40, 56 and 128 checked, no encryption is NOT checked

IP Settings: Server settings determines...

GPO: no inheritance from other GPOs, and it is the only GPO in the test OU

Computer Configuration - Security Settings - Wireless Network Policies - New

Policy Name: RADIUS-TEST

Properties:

General Tab: Policy name and description same name

Use Windows WLAN autoconfig service for clients CHECKED

SSID "RADIUSTEST" 

Network Permissions:

Infrastructure

Allow

NO other boxes checked

SSID Profile RADIUSTEST:

Connection tab: SSID RADIUSTEST

all Connect boxes checked

Security tab:

WPA2-Enterprise

AES_CCMP

Network auth method: PEAP
- Properties: verify server cert is checked, "tell user if server can't be identified" is checked, auth method is EAP-MSCHAP v2
- Advanced: PMK caching is the only box checked

Auth mode: User or computer

Cache information is checked

Meraki config:

MR33 AP connected to MX67

AP has static internal address assigned

Gateway is correct

SSID: RADIUSTEST

WPA2-Enterprise with my RADIUS server

WPA encryption: 1 and 2 allowed

802.11 r/w: disabled

No splash page

RADIUS server IP, port 1812, shared secret from NPS

No accounting, proxy or group policies

Bridge mode

VLAN tagging

VLAN ID: # for the wireless VLAN on the appliance

Ignore VLAN attributes in RADIUS responses

No Content filter or Bonjour forwarding

I can successfully ping the NPS server from my Meraki appliance and the Meraki appliance from my NPS server

Checked shared secret three times to verify it was input correctly

I keep thinking this may be a cert issue, as I can find nothing I have NOT done based on other threads with a similar issue. Anyone want to take a stab at this with me?

PhilipDAth
Kind of a big deal

If you look in the Security event log on the NPS server can you see any log entries saying the request has been denied or accepted (or no log entry)?

What specifically happens on the client?

Receiving the following errors regarding the policies that are set up. Going through the policies I cannot seem to find what I have configured incorrectly though.

Event ID 20153 Error

The currently configured accounting provider failed to load and initialize successfully. The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.

Event ID 20269 Warning

CoId={NA}: The user failed an authentication attempt due to the following reason: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.

Also received an Error 18 for bad shared secret, but I have double checked that also and, if it was incorrect for some reason previously, it has been updated. Not seeing 18 at this time, but the others are being created with each attempt.

Looking into the certificate also. Had an issue regarding multiple SAN entries in the template to include using the specific IP of the server. Primary name is correct though. 

Lots of moving parts here I know, I appreciate any and all assistance!


Roger_Beurskens
Building a reputation

We had something similar at a customer.

Can you check your MTU size?
We had fragmenting issues when sending over the hash, so it became corrupted and was denied by the NPS server.

PS: what do you see in the Meraki logging regarding RADIUS requests?
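A check that covers both suggestions above (PhilipDAth's Security event log question and Roger_Beurskens's MTU point), as an added example that is not from any poster in this thread. It assumes it is run in an elevated PowerShell on the NPS server itself, that `<MERAKI-AP-IP>` is a placeholder for the MR33's static address, and that the event-data field names are those NPS writes into the Security-log event XML.

```powershell
# Added troubleshooting script, not from the thread; run in an elevated PowerShell on the NPS server.
# Assumptions: <MERAKI-AP-IP> is a placeholder for the MR33's static address, and the
# field names used below are the ones NPS writes into the Security-log event XML.
param(
    [string]$ApIp  = '<MERAKI-AP-IP>',
    [int]   $Hours = 2
)

# 1. Registered RADIUS clients: the AP's source address must fall inside one of these entries
#    (the thread uses 10.0.0.0/8), otherwise NPS discards the request or never logs it at all.
Get-NpsRadiusClient | Select-Object Name, Address, Enabled, VendorName | Format-Table -AutoSize

# 2. Every authentication decision NPS makes lands in the Security log:
#    6272 = access granted, 6273 = access denied (Reason names the policy or method that failed),
#    6274 = request discarded (e.g. the client is not registered).
$since  = (Get-Date).AddHours(-$Hours)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6272, 6273, 6274; StartTime = $since } `
          -ErrorAction SilentlyContinue
if (-not $events) {
    "No NPS events in the last $Hours h: requests are not reaching NPS (check UDP/1812 path and client IP range)."
}
$events | ForEach-Object {
    $data = @{}
    foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time        = $_.TimeCreated
        Id          = $_.Id
        User        = $data['SubjectUserName']
        ClientIP    = $data['ClientIPAddress']
        NasPortType = $data['NASPortType']
        EapType     = $data['EAPType']
        Policy      = $data['NetworkPolicyName']
        Reason      = $data['Reason']
    }
} | Format-Table -AutoSize

# 3. Path MTU toward the AP: the PEAP server-certificate exchange produces EAP fragments close to
#    the link MTU, so a path that cannot carry full-size frames drops or damages them.
#    ping -f sets Don't Fragment; payload + 28 bytes of IP/ICMP header is the frame size tested.
foreach ($payload in 1472, 1452, 1400, 1300) {
    $out = (ping -f -l $payload -n 1 $ApIp 2>&1) | Out-String
    if ($out -match 'needs to be fragmented') { "DF ping, $payload-byte payload: blocked, path MTU < $($payload + 28)" }
    elseif ($out -match 'TTL=')               { "DF ping, $payload-byte payload: OK, path MTU >= $($payload + 28)"; break }
    else                                      { "DF ping, $payload-byte payload: no reply" }
}
```

If section 2 shows 6273 events, the Reason and EapType columns say directly whether the NAS-Port-Type or EAP-method conditions of the network policy are what is rejecting the MR33's requests; no events at all means the problem sits before NPS ever sees the packet.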
