i am running this on Server 2012.

but if its a bad key shouldnt i see it somewhere??

 

i am using radius only for corp network and the ip's will be forwarded via dhcp from our lan.

Nope. It logs nothing - nudda - if the key is wrong.

great.

 

any other possibilities of why this is not working?

@PhilipDAth is likely correct, the most common issue is a mismatched shared secret between the AP and RADIUS server, but it could sometimes be fat-fingered IP address settings and a UDP port mismatch (make sure it's using 1812 and not some other port like 1645).  Any of those things would likely cause radio silence from the RADIUS server.

its definitely 1812 and i have confirmed the password with 2 different people its definetly right.

 

i am using my account with and without domain prefix and confirmed the password.

my admin account has access to NPS server so i am not sure what else can be wrong.

 

this is is annoying the living daylights out of me.

 

Are you using an actual wireless client/supplicant or the "Test" button on the Access Control page in Dashboard?  You already ran packet captures and/or ran it by Support to assist with some pcaps?  Let's see what is or isn't traversing the AP.  

i am doing test via dashboard of meraki

Even the ports and shared secret is right, and still you face the issue with connectivity??, then it would be radius server is not allowing the AP which you are trying to connect, there is an option to alloow the MAC address of AP in RADIUS and allow subnet of the AP in the RADIUS.. please ensure both.

I have had issues with NPS many times where it doesn't log anything to the event viewer, like it should.  Enable the option to log to a TXT file.  By default it writes it out to:

c:\windows\system32\LogFiles

And the files begin with IN*.  As long as the RADIUS secret is correct it will log success and failed responses there.  They are a pain to read.

Hi Philip,

 

i did check that location but i dont see any files with IN. all i see are multiple subfolders but nothing says as radius server related.

In NPS right click the NPS server and select "properties".  Make sure you have ticked to logged accepted and rejected connections.

logs are ticked for authentication success n reject.

 iam verifying your other reply

yup i have all that.

removed the checks under constraints and testing now.

Lets check some basics (I'm assuming you are using WPA2-Enterprise mode):

• Are you running an Enterprise CA?
• Have you requested a certificate from that CA for the NPS server?
• In Policies/Network Profiles:
  • On the Overview tab tick "Ignore user account dial-in properties"
  • I normally set a "Condition" that Nas-Port-Type=Wireless
    • Under "Constraints/Authentication Methods" un-tick all methods.  Add PEAP.  Edit PEAP and make sure the certificate you requested above is selected.  Under EAP-Types make sure only EAP-MSCHAPv2 is selected.

will try this and let you know

currently i have only added AP ip which is on different subnet compared to our corporate subnet.

so not sure if there is a point of adding the entire subnet

What connects these two subnets?  Layer 3 switch, router, firewall?

 

Does the NPS server run antivirus that also contains a firewall?

 

Is Windows Firewall enabled on the NPS server?  If so, has it got an exclusion for the 1812 and 1813 ports?

i might have to check the certificate its getting.

to my understanding all my settings are correct.

 

going through the certifcate requirement for this. let me see how i go.

 

 

For what it's worth, I was having this exact same issue with a Windows Server 2019 VM running NPS. Meraki could not connect to it, the key was right, the settings were right, everything was right. I rebooted the server and it suddenly started working.

Can I ask you this?

 

My MR42s gave been crapping out only on one of the radius SSIDs.

 

Did you notice something similar.

 

They could connect to NPS, but not to internet. sporadic in random parts of the building.

 

Is there a way to scedule weekly AP reboots all at once and I could just run them on Saturday at like 3am?

Thank you! This helped as the AP was relocated from another location and assigned new IP. I had to remove the AP from NPS and re-add with new IP/manual generated password. WORKED!