Wi-Fi RADIUS Authentication failed
Hi experts,
I am using RADIUS authentication to connect to the Wi-Fi network. I have two Windows Servers with AD where I have aggregated the RADIUS role and created the RADIUS clients, and so on. With the primary RADIUS server it works fine, but with the secondary RADIUS server there is a credentials issue:
However, I am entering the same credentials and the user is created on both servers. Have you experienced the same issue? Any tips?
Regards,
Julián
Hi Julian,
Are you using Microsoft NPS, or what is your RADIUS Server?
I have implemented this many times and not seen this issue so far.
Normally your RADIUS Servers authenticate against the same AD's. (Could be different servers, but the same AD cluster)
Could you explain the setup in more detail?
Regards,
Markus
If I run that same test from the Meraki dashboard it fails but my radius is working fine with NPS. I think I called Meraki about that a long time ago but I can't remember what they said about the reliability of that test. So you may want to try connecting an actual client to your SSID to test.
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
Hi Adam,
Thanks for that recommendation, I will test it.
Regards,
Julián
Hi Markus,
I don't know very much about servers; I have to check the detailed configuration with the customer. As far as I know there are two Windows Servers with AD, and in each Windows Server I have aggregated the RADIUS role, Microsoft NPS. I know each Windows Server has its own AD, but I don't know if they are in the same cluster or not (I guess so because the customer told me the configurations in both ADs are replicated automatically, but I don't know if that has to do with AD clusters or not).
Regards,
Julián
Yes, AD is replicating automatically, but NPS is not. The config needs to be manually synched between the two servers.
Maybe you should check this is the case.
In my setup the check in dashboard was successful for all RADIUS servers.
I agree with @Markus's comment. The NPS config on each server will be important to review. There are a lot of moving parts to make sure NPS is configured properly on both the server and also on the clients (GPO). Shared secret, Policy Conditions/Constraints, etc...
Hi guys,
Just in case, do you know how difficult the synchronization of RADIUS servers is? Because I have googled it and seen that a PowerShell script is needed. If it is very difficult I will tell the customer to implement it.
Regards,
Julián
You can also export and import the config in the GUI if you want.
Hi Markus,
I don't understand, what do you mean?
Regards,
Julián
In the NPS GUI you can export the config as XML and import it on the other NPS so they are in sync with the config.
Hi Markus,
OK, I understand, I will try it. Thank you very much!
Regards,
Julián
Hi Markus and Adam,
One more question about that. I have deleted the primary RADIUS server under Wireless > Access control > RADIUS servers and left the secondary server and tried to authenticate; it was unsuccessful. Is this correct? If I authenticate with only one RADIUS server (the secondary) and get EAP failure, is it due to the previous RADIUS synchronization problem?
Regards,
Julián
Yes... It actually does not matter whether you have one or two RADIUS Servers configured. Both of them need to be successful.
If you get an error, there is a problem with the RADIUS Server or the credentials. In your case I think it is the NPS.
I'd recommend having a look into the NPS log.
Did you check that already?
Did you export and import the NPS Config?
Hi Markus,
I have just exported the NPS configuration of the primary RADIUS server and imported it to the secondary RADIUS server. I have deleted the primary RADIUS server in the dashboard and the authentication is still unsuccessful. The NPS log is the same I sent you. Do you guess something?
Regards,
Julián
What does the NPS log say when you try to authenticate? Are you using this NPS server for anything other than the Meraki AP's? Can you ping the NPS server from the subnet where the AP's are (management interface)?
The root issue was that the second NPS server did not have a certificate installed & configured in the NPS policy.
Hi MRCUR,
Yeah, that's right and thanks for your help.
Regards,
Julián
For syncing two NPS you can have a look here:
https://deployhappiness.com/two-network-policy-server-tricks-subnets-and-syncing/
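
The export/import sync and the certificate check discussed in this thread, as an added example (not code from any poster or from the linked article). The file path is a placeholder, and the function names are hypothetical; the cmdlets are from the Windows Server NPS module.

```powershell
#Requires -RunAsAdministrator
# Added example: sync NPS config from primary to secondary, then confirm the
# secondary has a certificate it can present for PEAP/EAP-TLS.
Import-Module NPS

$ExportPath = 'C:\Temp\nps-primary.xml'   # placeholder path, adjust as needed

function Export-PrimaryNps {
    # Run on the PRIMARY NPS server.
    # The exported XML holds the RADIUS client shared secrets unencrypted:
    # restrict access to it, move it over a trusted channel, delete it afterwards.
    Export-NpsConfiguration -Path $ExportPath
}

function Import-SecondaryNps {
    # Run on the SECONDARY NPS server after copying the file there.
    # This overwrites the secondary's existing clients and policies.
    Import-NpsConfiguration -Path $ExportPath
    Remove-Item -Path $ExportPath -Force
}

function Get-NpsServerCertCandidate {
    # The config export does not carry a certificate with it, so each NPS
    # server needs its own. List certificates in the computer store that are
    # currently valid, have a private key, and allow Server Authentication.
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'
    $now = Get-Date
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object {
            $_.HasPrivateKey -and
            $_.NotBefore -le $now -and
            $_.NotAfter -gt $now -and
            ($_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid)
        } |
        Select-Object Subject, Thumbprint, NotAfter
}

# On the secondary, after the import:
$candidates = @(Get-NpsServerCertCandidate)
if ($candidates.Count -eq 0) {
    Write-Warning 'No valid Server Authentication certificate in LocalMachine\My.'
} else {
    $candidates | Format-Table -AutoSize
}
```

If the check lists a certificate, it still has to be selected in the EAP settings of the network policy on that server, since the imported policy came from a server with a different certificate.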
