Moved/planning to move to windows server 2016 from windows server 2008?
If the NPS role running on Windows server 2008R2 is just replaced by Windows server 2016, windows 7 clients might not be able to connect.
Configure the certificate on new windows server 2016 as shown below so that windows 7 clients can use that for authentication.
When requesting certificate from NPS server, make sure to select only ‘”Domain Controller” as shown below:
Once the certificate is issued, go to “Network and Policy Server” console > Policies > select the policy that is in use > Constrains > Authentication methods.
Make sure that Protected EAP is listed in EAP types. If not add it and go to Edit.
Select the newly created certificate for Authentication as shown below. Certificate can be identified by its validity end date or Friendly name.
You’re good to go. Windows 7 clients will use this certificate for authentication.
Please share your thoughts in the comment section below.