Laptop asking for "action needed" on NPS Computer auth WiFi connect, despite valid Server Thumbprint

Jasper

6/17/23, 9:17 AM

I have configured computer authentication on WiFi connect to company network, using the microsoft nps server, group policy certificate auto-enrollment and group-policy wifi config. Has been working just fine for several years.

Recently my laptop started showing this prompt upon each reboot/reconnect: "Continue connecting? If you expect to find X in this location, go ahead and connect"

So I checked the server thumbprint in the CA issued certificates, and it matches the thumbprint of the current and valid certificate assigned to the NPS server.

Also, this same certificate (with same expiration date) is configured in NPS server as cert to be used to prove identity:

Also, the root CA is configured in GPO as trusted root for NPS auth:

Furthermore the STL-SVRADMIN-CA is added as a trusted root CA on the laptop showing the action needed prompt:

The same cert is used for the IIS server on SVRADMIN which is validated just fine:

So the question: Why is this laptop prompting me for a go-ahead? It seems like it should be able to verify the NPS identity by the CA configured and server thumbprint shown in the prompt.

337

0 + 0

wifi

radius

certificate-authority

nps

windows-server-2012-r2

Greg Askew

6/17/23, 11:04 AM

See this: https://sysmansquad.com/2021/10/18/get-rid-of-the-continue-connecting-prompt-for-your-policy-configured-wifi-networks/

Jasper

6/17/23, 11:27 AM

Thanks @GregAskew for helping out, I edited my post with a screenshot of the settings your url refers to. Unfortunately the checkbox with the root CA in GPO wifi settings was already set so that's not the solution in my case.

Score:0

Server

Jasper

6/17/23, 11:33 AM

Alright so I found the solution, with some help from @GregAskew for pointing me in the right direction.

Apparently when you enter the FQDN in the "Protected EAP properties", this FQDN is case sensitive. (Can you believe it?)

After i changed the domain suffix from lowercase stl.local to uppercase STL.local, then issued a gpupdate /force and rebooted my laptop, everything worked again as before.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Laptop asking for "action needed" on NPS Computer auth WiFi connect, despite valid Server Thumbprint

TH: แล็ปท็อปขอ "การดำเนินการที่จำเป็น" ในการเชื่อมต่อ WiFi รับรองความถูกต้องของคอมพิวเตอร์ NPS แม้ว่าจะมีรหัสย่อของเซิร์ฟเวอร์ที่ถูกต้องก็ตาม

RO: Laptopul care solicită „acțiune necesară” pe conexiunea WiFi cu autentificare a computerului NPS, în ciuda amprentei valide ale serverului

RU: Ноутбук запрашивает «необходимо действие» при подключении Wi-Fi для проверки подлинности компьютера NPS, несмотря на действительный отпечаток сервера

VI: Máy tính xách tay yêu cầu "hành động cần thiết" trên NPS Máy tính xác thực kết nối WiFi, mặc dù Dấu vân tay máy chủ hợp lệ

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.