Jasper's questions

I have configured computer authentication on WiFi connect to company network, using the microsoft nps server, group policy certificate auto-enrollment and group-policy wifi config. Has been working just fine for several years.

Recently my laptop started showing this prompt upon each reboot/reconnect: "Continue connecting? If you expect to find X in this location, go ahead and connect"

So I checked the server thumbprint in the CA issued certificates, and it matches the thumbprint of the current and valid certificate assigned to the NPS server.

Also, this same certificate (with same expiration date) is configured in NPS server as cert to be used to prove identity:

Also, the root CA is configured in GPO as trusted root for NPS auth:

Furthermore the STL-SVRADMIN-CA is added as a trusted root CA on the laptop showing the action needed prompt:

The same cert is used for the IIS server on SVRADMIN which is validated just fine:

So the question: Why is this laptop prompting me for a go-ahead? It seems like it should be able to verify the NPS identity by the CA configured and server thumbprint shown in the prompt.

How can I scan for any statically configured IP addresses in use, within a Windows Server DHCP scope, of which the DHCP server is not aware?

I'm dealing with a network I inherited on which I found devices configured with a static IP within the DHCP server scope (without a matching configured reservation). DHCP leases for new (or clients roaming between VLAN's) within this scope sometimes take a long time to register. Also WiFi clients sometimes get configured with an APIPA address.

I want to rule out faulty static IP configurations within the IPV4 scope being the cause of this.