Dennis, How does that work? The two servers have different hostnames & DNS entries, I assume.
I do not think it would work in our NPS environment anyway. Our NPS servers are also Read-Only Domain Controllers (each in their own site). This removes the RADIUS server load from our production Domain Controllers. Bruce Osborne Wireless Network Engineer IT Network Services (434) 592-4229 LIBERTY UNIVERSITY 40 Years of Training Champions for Christ: 1971-2011 -----Original Message----- From: Dennis Xu [mailto:[email protected]] Sent: Monday, September 19, 2011 3:04 PM Subject: Re: Issue with Microsoft NPS certs and ipads/iphones We use the same certificate on two ACS servers for PEAP authentication to avoid the certificate warning when user connects to the 2nd ACS server. We haven't seen any issues with that. --- Dennis Xu Network Analyst, Computing and Communication Services University of Guelph 5198244120 x 56217 ----- Original Message ----- From: "Bob Richman" <[email protected]> To: [email protected] Sent: Monday, September 19, 2011 1:11:02 PM Subject: [WIRELESS-LAN] Issue with Microsoft NPS certs and ipads/iphones We have a new issue that popped up when we upgraded our radius backend for our dot1x/peap from 2 microsoft widows 2003 IAS servers with Equifax certs to 3 microsoft windows 2008 NPS servers with geotrust certs. What we have is issues with ipad/iphones that seem to only sometimes remember the cert they most recently accepted. So for example, an IPAD connecting to the wireless using NPS server 1 will prompt the user to accept and they get on. Subsequent attempts to an AP that uses that same server will work fine. But an attempt to another set of APs using server 2 will cause the user to have to accept the cert corresponding to the new server. We do use the Cloudpath installers, but they seem to be of no help here. So, we did change 2 things at once, new certs and going from IAS to NPS. Anyone having any issues like this? Thanks, Bob Richman University of Notre Dame. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
