NAP – How to connect workstations using Network Access Protection to a RADIUS server
Setup:
Radius Server – Windows server 2012 R2 Standard with NAP installed and configured
Wireless – Cisco Meraki M32 Wireless Access Points connected to a MX firewall.
Issue:
When Clients are connecting to a Wireless network using 802.11 or WPA2 Enterprise they are showing in the event viewer on the radius server as Non-NAP Capable and quarantined.
Event ID: 6276
Authentication Details:
Connection Request Policy Name: NAP 802.1X (Wireless)
Network Policy Name: NAP 802.1X (Wireless) Non NAP-Capable
Authentication Provider: Windows
Authentication Type: PEAP
EAP Type: Microsoft: Secured password (EAP-MSCHAP v2)
Quarantine Information:
Result: Quarantined
Cause:
This occurs if the client is not setup correctly causing them to show as Non-NAP Capable.
Resolution:
There are a few Settings that need to be enabled on the client and most/all of the settings below can be pushed out by a group policy.
1) Make Sure the Network Access Protection Service is running
2) As there is a delay when the wireless network connects you need to start the NAP service after the wireless.
This can be done by going to the following entry in the registry and making the change below:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WlanSvc
Update the DependOnService entry and add napagent.
The entry should look similar to the below. You will need to reboot the client for the registry change to take effect.
NOTE: The service WCMSVC below is only required for Windows 8 workstations.
3) Enable the Following Setting in:
GPO Manager > Computer Configuration > Policies > Windows Settings > Security Settings > Network Access Protection > NAP Client Configuration > Enforcement Clients
4) On the Client Machine go to Network and Sharing
Select adaptor settings > Right click the Wireless connection once connected to the wireless connection > Select Status > Wireless Properties > Security Tab > Settings > Select Enforce Network Access Protection > Select OK on all open windows.
Office 365 Updates
- Microsoft Hybrid Cloud for Enterprise ArchitectsThis poster tells the cross-cloud story on hybrid cloud architecture and scenarios for Azure, Office 365, Microsoft Intune, and Dynamics 365.
- Office 2016 Deployment ToolThe Office 2016 Deployment Tool allows the administrator to customize and manage Office 2016 Click-to-Run deployments. This tool will help adminstrators to manage installations sources, product/language combinations, and deployment configuration options for Office Click-to-Run.
- Microsoft Cloud - Financial Services Compliance ProgramDescribes the Financial Services Compliance Program for Microsoft Cloud Services
- Office 365 Sales Discussion GuideOffice 365 is a cloud-based service that’s always up to date, easy to manage, and is available in a variety of plans to meet your specific needs.
- Email in Office 365 Sales GuideGet business-class email with Office 365
Microsoft Security Updates
- Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB4018271)A security issue has been identified in a Microsoft software product that could affect your system.
- Security Update for Windows 8 for x64-based Systems (KB4022839)A security issue has been identified in a Microsoft software product that could affect your system.
- Security Update for Windows Server 2003 for x64-based Systems (KB4018466)A security issue has been identified in a Microsoft software product that could affect your system.
- Security Update for Windows XP SP2 for x64-based Systems (KB4018466)A security issue has been identified in a Microsoft software product that could affect your system.
- Security Update for Windows 8 (KB4022839)A security issue has been identified in a Microsoft software product that could affect your system.
Recent Comments