My server team recently added more higher-security suites on the AD server (NPS server):

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA

The next day all my users (Windows 10) failed to connect to the SSID. Checking the event logs on the NPS server, it shows "the client and server cannot communicate because they don't possess a common algorithm". Reverting the cipher suite setting on the NPS server solved the issue. I did study all the cipher suites that are enabled on Windows 10, and all the above ciphers are in the list. If that's the case, why do my clients still fail to authenticate?