I have a strange issue.
Our primary NPS (2008R2) authenticating against AD has been working for a long time. The cert expired and that server was recently patched. The cert was renewed and installed, and the policy was updated to start using it. Sometime between all of this (COVID-19, no one in the office to notice), Windows 10 clients can no longer connect, and the logs on the NPS server show the right clients/policy/etc., but always deny access based on:
Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.
If I test auth from the Meraki portal using that same u/p it works fine. If I push auth to another RADIUS server in our environment, those Windows 10 clients can connect without issue. Obviously, different server, different cert, but identical policies. I have tried everything: recreating the policy, updating the pre-shared key, disabling cert check on local clients, enabling TLS 1.2, but nothing seems to matter.
Note OSX/Android have no issues connecting via the same policy/NPS server. It just seems to be Windows 10 machines.
Does anyone have any ideas that can help me figure this out?