
NPS Policy Failure

Many companies use Windows Server Network Policy Server (NPS) to control network access and authentication. This works really well when you want to deploy secure wireless networks and use group policy to ensure that your wireless clients always connect securely to the networks you choose. You can create various policies, for example, to use a RADIUS server to authenticate wireless clients so that users connect seamlessly. Of course, with these types of deployments you can almost always expect cases where authentication does not work properly and requires troubleshooting.

I recently ran into an issue with an NPS policy that controlled wireless access for domain computers where the authentication was failing on the wireless NPS policy I had created. After looking through the event logs, I found the following error:

“The message received was unexpected or badly formatted”

The specific event ID was 266.

This was really the only error I had to work with, and after checking certificates etc. and making sure group policy was correct, I was stumped. After further research I found that the resolution was to add a specific registry key by doing the following:

Open regedit to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

Create a new DWORD value SendTrustedIssuerList and set it to 0 (false)

Once I did this, the wireless client was able to connect successfully. Basically, this registry key will prevent NPS from sending the trusted root certificates to clients. Essentially there were too many root certificates being sent, causing the error. If you are running into a similar issue, try this fix, as there were no specific event errors pointing to this resolution.
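The same change can be scripted. The following is an added example, not part of the original post: it reports how many certificates are in the machine's Trusted Root store and the total size of their encoded subject names (a rough indicator of how large the issuer list is), shows the current SendTrustedIssuerList state, and writes the value only when asked. The `-Apply` switch and the variable names are hypothetical, and using the LocalMachine\Root store as the measure of what is sent is an assumption based on the description above.

```powershell
# Added example (not from the original post). Run elevated on the NPS server.
# Without -Apply the script only reports; with -Apply it sets the value to 0.
param(
    [switch]$Apply   # hypothetical switch name for this example
)

$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$valueName = 'SendTrustedIssuerList'

# Assumption: the machine's Trusted Root store is what feeds the list sent to
# clients. Sum the DER-encoded subject names to gauge how large that list is.
$roots   = @(Get-ChildItem -Path Cert:\LocalMachine\Root)
$dnBytes = ($roots |
    ForEach-Object { $_.SubjectName.RawData.Length } |
    Measure-Object -Sum).Sum

# Read the current setting; a missing value yields $null rather than an error.
$current = (Get-ItemProperty -Path $keyPath -Name $valueName `
            -ErrorAction SilentlyContinue).$valueName
$shown   = if ($null -eq $current) { '(not set)' } else { $current }

[pscustomobject]@{
    TrustedRootCount      = $roots.Count
    SubjectNameBytes      = $dnBytes
    SendTrustedIssuerList = $shown
}

if ($Apply) {
    # Print the previous state first so the change can be reverted later.
    Write-Output "Previous $valueName value: $shown"

    New-ItemProperty -Path $keyPath -Name $valueName `
        -PropertyType DWord -Value 0 -Force | Out-Null

    # Read the value back to confirm the write succeeded.
    $after = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
    Write-Output "$valueName is now $after"
}
```

Running it once without `-Apply` before making the change gives a record of the root store size and the prior registry state for the change log.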
