I have a Windows 2008 Std server running NPS. After applying the latest round of updates (including Root Certificates for April 2012 KB931125 (See:http://support.microsoft.com/kb/933430/)), EAP authentication is failing due to being malformed.
Sample error (Security/Event ID 6273), truncated for brevity:
Authentication Details:
Proxy Policy Name: Use Windows authentication for all users
Network Policy Name: Wireless Access
Authentication Provider: Windows
Authentication Server: nps-host.corp.contoso.com
Authentication Type: PEAP
EAP Type: -
Account Session Identifier: -
Reason Code: 266
Reason: The message received was unexpected or badly formatted.
The NPS policy (Wireless Access) is configured accordingly (for Constraints/Authentication methods)
EAP Types:
Microsoft: Protected EAP (PEAP) - with a valid certificate from ADCS
Microsoft: Secured password (EAP-MSCHAP v2)
Less secure authentication methods:
Microsoft Encrypted Authentication version 2 (MS-CHAP-v2)
User can change password after it has expired
Microsoft Encrypted Authentication (MS-CHAP)
User can change password after it has expired
We've tested a different RADIUS server without the aforementioned patch, and removed EAP as an authentication type and experienced success.
Has anyone else experienced this issue?