I have created a GPO and linked it to a test OU. This GPO has a Windows 7 Wireless Policy that directs the machines to auth on the network with PEAP in computer auth mode.
This auth is being done with certificates. When connecting, it should validate the server certificate, via our NPS server, trusting some third-party CA.
Now, the problem arises when these settings actually get applied to a machine: everything carries over except for the "Trusted Root Certification Authorities" configuration. While in the GPO we have a specific CA trusted, on the client there are no CAs trusted.
If I configure the machine manually, by configuring the trusted root CAs myself, I am able to connect perfectly.
What could be preventing the GP from being applied in this situation?
Trusted Root CAs is one of those GPs that MUST be set either in the Default Domain Policy (not recommended) or another one at the domain root. You can only have one policy for the domain.
Verify that there is only one certificate policy in effect for your domain. This can be done by running a GP result on the machine in question.
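A client-side check to go with the GP result, as an added example that is not from either poster: it reads the root CA thumbprints a wireless profile pins and tests whether each one is in the computer's Trusted Root store. The profile fragment, its names and its thumbprint are constructed, the function names are hypothetical, and the code sticks to PowerShell 2.0 syntax since that is what Windows 7 ships with.

```powershell
# Applied GPOs for the computer can be listed first with:
#   gpresult /scope computer /h "$env:TEMP\gpresult.html" /f
# On a real client, export the profile with: netsh wlan export profile folder=<dir>
# and load it with: $xml = [IO.File]::ReadAllText('<exported file>')

# Constructed sample: trimmed fragment of an exported WLAN profile (namespaces
# and most elements omitted; thumbprint and server name are placeholders).
$sampleProfile = @'
<WLANProfile>
  <name>CorpWiFi-constructed</name>
  <EapType>
    <ServerValidation>
      <ServerNames>nps.example.test</ServerNames>
      <TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33</TrustedRootCA>
    </ServerValidation>
  </EapType>
</WLANProfile>
'@

function Get-PinnedRootCA {
    param([Parameter(Mandatory=$true)][string]$ProfileXml)
    $doc = [xml]$ProfileXml
    # local-name() matches the element regardless of its XML namespace
    foreach ($node in $doc.SelectNodes("//*[local-name()='TrustedRootCA']")) {
        $thumb = ($node.InnerText -replace '\s', '').ToUpperInvariant()
        if ($thumb) { $thumb }   # skip empty elements
    }
}

function Test-PinnedRootCA {
    param([Parameter(Mandatory=$true)][string]$ProfileXml)
    $thumbs = @(Get-PinnedRootCA -ProfileXml $ProfileXml)
    if ($thumbs.Count -eq 0) {
        Write-Warning 'Profile pins no root CA: the trusted root list did not reach this client.'
        return
    }
    foreach ($t in $thumbs) {
        # The Cert: provider addresses certificates by thumbprint
        New-Object PSObject -Property @{
            Thumbprint  = $t
            InRootStore = (Test-Path -Path "Cert:\LocalMachine\Root\$t")
        }
    }
}

Test-PinnedRootCA -ProfileXml $sampleProfile
```

With the placeholder thumbprint, `InRootStore` comes back `False`; against a real exported profile, a `False` row means the profile names a CA the computer store does not hold.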