you have to give it some cert, doesn't matter which one even, I still use just my nps server's self signed cert, but it NEEDS one to be able to use mschap and to authenticate correctly, recently I've installed ad ca role on my nps server which broke this and I had to recreate self signed in nps policy to get it going again. ... View more

No, it works just fine, been using it for several years across multiple deployments.   Make sure you set your certificate in nps policy to allow it to communicate with meraki securely, even unsigned will do.  ... View more

Well here goes my first reply;   I just had to through this issue myself, turns out, when you install AD CA role on the server, NPS server will automagically decide I don't like the previous cert, let's use the wildcard you've just added to your CA role. Problem is, I not only don't distribute that cert yet but prefer uncerted selfsigned cert for now.   Anyway, 50ish borked clients, had to manually go back into NPS role and change mschap to use my selfsigned cert, gpupdate for deployed profile to update and we're back on as expected.     ... View more