Hey everyone! I'm facing a weird issue with the WiFi at one of our remote sites where we use a WPA2 Enterprise secure network. The strange part is, I can see that the RADIUS call is authenticated and the client gets a DHCP address, but the WiFi still doesn't connect. It's set up on a UniFi system and all the workstations in the area have the same setup, so I'm puzzled. When I switch to a regular WPA2 network, everything works fine. It's only the RADIUS method that's causing headaches, regardless of whether I use certificate or username/password authentication.
I've checked the firewall logs, and everything seems to connect properly—the RADIUS call goes to NPS, and the connections request to the UniFi box is fine, but the client just won't fully connect. The setup is the same across all sites; only this location is having issues, which likely means it's a local network problem, but I can't figure out where to look.
For info, there's only one subnet and one VLAN on-site, and the site connects through a BOVPN. I've tried an any/any rule but that didn't help either. Any suggestions on how to troubleshoot this further? I'm running out of ideas.
P.S. I ran a WLAN report and found an EAP 25 error, which indicates an authentication issue, but I'm lost on where to pinpoint the problem.
3 Answers
Don’t forget to check the DNS settings. I’ve seen so many WiFi issues that boil down to DNS misconfigurations. Sometimes, you might get a DHCP lease, but if DNS isn’t resolving correctly, it can create a connection failure.
That's a head-scratcher! It sounds like the client gets the DHCP address while it’s in the process of authenticating, which is definitely odd. First, double-check to ensure the subnet for the APs is correctly configured in NPS and that the VLAN’s tagged properly on all AP ports. It would help to clarify how the DHCP and connection are interacting. Can you provide more details on that? I’d love to help you figure this out!
Have you tried testing the connection with different versions of Windows? Sometimes, issues can stem from OS-level compatibility, especially between Windows 10 and 11. It might at least narrow down where the problem is happening.
We actually have both versions on-site, and they’re behaving the same way, so that doesn’t seem to be the issue.
It's as I said; the connection process is confusing me too. When the user taps to connect, I see the RADIUS call and the NPS the acknowledges it, but then the client stalls when it’s supposed to finalize the connection. I wonder if Windows is showing an IP due to a previous connection to a WPA2 network before getting all confused.