I'm trying to set up NPS and CA on a Windows Server 2022 system, using Intune to push a SCEP and Wi-Fi certificate according to Microsoft's guidelines. I confirmed that both certificates and the Wi-Fi profile are being received, but when I try to connect my iPhone, it fails almost instantly with an 'unable to join network' message. The logs from NPS show a Reason Code of 23, which indicates an error during the EAP process. After the first failure, the logs stop recording any entries related to the iPhone attempts, though I can see failures and successes with other devices. Android devices connect just fine, so I'm really confused about why this is happening with the iPhone. Any advice?
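One way to triage the symptom described above (a client rejected with Reason Code 23 and then disappearing from the log) is to parse the NPS accounting log per client MAC, so you can see whether the iPhone keeps sending Access-Requests that fail in EAP or simply stops sending them. The script below is an added example, not code from the original post; it assumes NPS is writing logs in the DTS-compliant XML format (one `<Event>` per line), and the log records it parses are constructed for this example:

```python
"""Triage NPS (RADIUS) accounting log lines for EAP failures per client.

Parses NPS log records in DTS-compliant XML format (one <Event> per line),
counts Access-Request / Access-Accept / Access-Reject packets per client
MAC (Calling-Station-Id) and tallies the Reason-Code of each reject.
The SAMPLE_LOG records below are constructed for this example.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Packet-Type values used in NPS logs:
# 1 = Access-Request, 2 = Access-Accept, 3 = Access-Reject, 4 = Accounting-Request
ACCESS_REQUEST = 1
ACCESS_ACCEPT = 2
ACCESS_REJECT = 3

# NPS Reason-Code 23: an error occurred during the NPS use of EAP.
EAP_ERROR = 23

# Constructed sample: an iPhone-style client that fails in EAP, an Android
# client that is accepted, and a third client rejected for a credential mismatch (16).
SAMPLE_LOG = """\
<Event><Timestamp data_type="4">05/14/2024 09:01:10.123</Timestamp><Computer-Name data_type="1">NPS01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Calling-Station-Id data_type="1">AA-BB-CC-11-22-33</Calling-Station-Id><Client-Friendly-Name data_type="1">WLC-Office</Client-Friendly-Name><Packet-Type data_type="0">1</Packet-Type></Event>
<Event><Timestamp data_type="4">05/14/2024 09:01:10.456</Timestamp><Computer-Name data_type="1">NPS01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Calling-Station-Id data_type="1">AA-BB-CC-11-22-33</Calling-Station-Id><Client-Friendly-Name data_type="1">WLC-Office</Client-Friendly-Name><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">23</Reason-Code></Event>
<Event><Timestamp data_type="4">05/14/2024 09:02:30.001</Timestamp><Computer-Name data_type="1">NPS01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Calling-Station-Id data_type="1">DD-EE-FF-44-55-66</Calling-Station-Id><Client-Friendly-Name data_type="1">WLC-Office</Client-Friendly-Name><Packet-Type data_type="0">1</Packet-Type></Event>
<Event><Timestamp data_type="4">05/14/2024 09:02:30.245</Timestamp><Computer-Name data_type="1">NPS01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Calling-Station-Id data_type="1">DD-EE-FF-44-55-66</Calling-Station-Id><Client-Friendly-Name data_type="1">WLC-Office</Client-Friendly-Name><Packet-Type data_type="0">2</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">05/14/2024 09:03:05.900</Timestamp><Computer-Name data_type="1">NPS01</Computer-Name><Event-Source data_type="1">IAS</Event-Source><Calling-Station-Id data_type="1">11-22-33-AA-BB-CC</Calling-Station-Id><Client-Friendly-Name data_type="1">WLC-Office</Client-Friendly-Name><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">16</Reason-Code></Event>
"""


def parse_events(log_text):
    """Return one dict (attribute name -> text) per non-empty <Event> line."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        root = ET.fromstring(line)
        events.append({child.tag: (child.text or "") for child in root})
    return events


def summarize(events):
    """Count packet types and reject reasons per Calling-Station-Id (client MAC)."""
    summary = defaultdict(lambda: {
        "requests": 0, "accepts": 0, "rejects": 0, "reasons": defaultdict(int),
    })
    for ev in events:
        mac = ev.get("Calling-Station-Id", "unknown")
        ptype = int(ev.get("Packet-Type", "0"))
        entry = summary[mac]
        if ptype == ACCESS_REQUEST:
            entry["requests"] += 1
        elif ptype == ACCESS_ACCEPT:
            entry["accepts"] += 1
        elif ptype == ACCESS_REJECT:
            entry["rejects"] += 1
            # -1 marks a reject record without a Reason-Code attribute
            entry["reasons"][int(ev.get("Reason-Code", "-1"))] += 1
    return summary


def eap_error_clients(summary):
    """MACs that received at least one Access-Reject with Reason-Code 23."""
    return sorted(mac for mac, e in summary.items() if e["reasons"].get(EAP_ERROR, 0) > 0)


def silent_after_reject(summary):
    """MACs with rejects but no later requests in this log window.

    A client that is rejected once and then never retries matches the
    'logs stop recording' symptom; compare against clients that keep retrying.
    """
    return sorted(mac for mac, e in summary.items()
                  if e["rejects"] > 0 and e["requests"] <= e["rejects"])


if __name__ == "__main__":
    s = summarize(parse_events(SAMPLE_LOG))
    for mac, e in sorted(s.items()):
        reasons = ", ".join(f"code {c}: {n}" for c, n in sorted(e["reasons"].items()))
        print(f"{mac}: req={e['requests']} acc={e['accepts']} rej={e['rejects']} [{reasons}]")
    print("EAP (23) failures:", eap_error_clients(s))
    print("no retry after reject:", silent_after_reject(s))
```

Point the script at a real log by reading the file from `C:\Windows\System32\LogFiles` (or whichever path NPS accounting is configured to write to) instead of `SAMPLE_LOG`; Reason Code 23 grouped by MAC separates a per-device EAP problem (a certificate the client cannot use, or a trust chain the server cannot build) from a policy or credential problem such as code 16.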
3 Answers
Keep in mind that NPS with EAP-TLS typically needs a computer object in Active Directory for authentication. That might be why you're running into issues. You might find it easier to switch to FreeRadius for iPhones instead.
Could you share a screenshot of your Intune Wi-Fi profile for iOS? It sounds like you're getting the certificate through the SCEP profile correctly. In my experience, those EAP errors are often due to configuration mismatches between the client and the NPS server.
I can share that tomorrow. I just noticed that the certificate validity period was set to 2 years instead of the 1 year that the template specifies. I'll adjust that and provide the screenshot.
Make sure you've selected the correct Root certificate in your Wi-Fi profile that matches your NPS setup. It’s easy to overlook this.
Yes, I’ve double-checked, and I only have one root certificate to push, and it's the correct one.
Thanks for the suggestion, but we're specifically working with Apple iPhones here.