Explicit Eap failure received - Error: 0x57 - EAP Root cause String: The parameter is incorrect - Failure Reason:The specific network is not available.
This week after allowing the distribution of some updates (CA root updates, Malware) to my DC Servers, my Wireless Controller (Ruckus) stopped working.
None of the machines are authenticating via EAP/802.1X (it was OK for the last 8 weeks).
My RADIUS configuration was not changed in any way.
DCs Win2008R2EnglishStandard + NPS/RADIUS+DNS+WINS
User PCs: XP, 7
In my Win8Pro, I have the following errors:
WLAN AutoConfig service failed to connect to a wireless network.
Network Adapter: Broadcom 802.11n Network Adapter
Interface GUID: {6020b72d-1d7d-4b49-b4e8-0f7a96486895}
Connection Mode: Manual connection with a profile
Profile Name: DOMAINNAME_NG
SSID: DOMAINNAME_NG
BSS Type: Infrastructure
Failure Reason:The specific network is not available.
RSSI: -35
Wireless security failed.
Network Adapter: Broadcom 802.11n Network Adapter
Interface GUID: {6020b72d-1d7d-4b49-b4e8-0f7a96486895}
Local MAC Address: E0:06:E6:9A:9A:6C
Network SSID: DOMAINNAME_NG
BSS Type: Infrastructure
Peer MAC Address: C4:01:7C:2B:8C:18
Reason: Explicit Eap failure received
Error: 0x57
Wireless 802.1x authentication failed.
Network Adapter: Broadcom 802.11n Network Adapter
Interface GUID: {6020b72d-1d7d-4b49-b4e8-0f7a96486895}
Local MAC Address: E0:06:E6:9A:9A:6C
Network SSID: DOMAINNAME_NG
BSS Type: Infrastructure
Peer MAC Address: C4:01:7C:2B:8C:18
Identity: DOMAIN\USER_NAME
User: USER_NAME
Domain: DOMAIN
Reason: Explicit Eap failure received
Error: 0x57
EAP Reason: 0x57
EAP Root cause String: The parameter is incorrect.
EAP Error: 0x57
December 14th, 2012 1:12pm
I encountered the exact same problem on 12/14/2012 with EAP authentication for both my wireless network and my VPN clients. Same precise errors. I reviewed all the error logs on my Windows 7 clients (wireless and VPN) and my Windows 2008R2 server, and went over the configuration in NPS for all of these connections. Everything appeared to be configured properly and certificates were all valid.
I came across a reference that only 12282 bytes of data can be sent by the NPS server for the root certificates. If a large number of root certificates are present on the NPS server, the certificate used for authentication may be located too far down the line, so to speak, and is not sent by the server for authentication, as the list is apparently truncated by the server. Thus, EAP authentication suddenly fails, as it did in my case when it had been working flawlessly for over a year. By deleting the unnecessary root certificates, EAP authentication suddenly worked fine for both my wireless and VPN clients.
Only a few root certificates are actually needed by the operating system to function and your own certificates used for authentication in the Trusted Root Certification Authorities. By deleting the ones not needed by your organization, EAP should start working again... it did for me!
December 16th, 2012 12:14pm
I deleted 10 root certificates on personal em computer stores and restarted NPS Service and the problem didn't go away.
Do you think I need to reboot the DCs? (DCs are NPSs)
December 17th, 2012 6:07am
I noticed an article related to your problem but it doesn't apply to me (http://support.microsoft.com/kb/933430/en-us) because the article is related to Win2003.
December 17th, 2012 6:27am
I tried the reg key in the article http://support.microsoft.com/kb/933430/en-us and it worked for me only restarting the NPS Service before the test
Now my Win8 client shows:
WLAN AutoConfig service started a connection to a wireless network.
Wireless network association started. Encryption: TKIP 802.1X Enabled: Yes
Wireless network association succeeded. Management Frame Protection Enabled: 0x300000000
Wireless security started. FIPS Mode: Disabled 802.1x Enabled: Yes
Wireless 802.1x authentication started. Eap Information: Type 25, Vendor ID 0, Vendor Type 0, Author ID 0
Wireless 802.1x authentication succeeded.
Wireless security succeeded.
Wireless security stopped. Security Hint: The operation was successful.
December 17th, 2012 6:54am
I went to this article to find the necessary root certificates for the Windows 2008R2 operating system (http://support.microsoft.com/?id=293781). I deleted all the root certificates that were not used by my system or business on the authentication server for the NPS service. Not necessary to do this on the client workstations. I did not reboot the servers.
December 17th, 2012 10:27am
I liked the approach of deleting certificates, but they tend to occur again in the future, don't you think? I'm afraid of falling into the same problem again and again, only "pushing" the problem forward instead of solving it in an effective way.
The GPO and RegKey approaches are worse in terms of security but they're a "long term" solution for low security environments.
Noticed that the article mentions Win2003 but my problem is on Win2008R2 and apparently MS hasn't solved the problem
December 17th, 2012 10:54am
I agree but I felt security was more important than convenience. The root certificate updates occur about 2-3x per year and now that I have seen the problem and worked around it, I can do it again. It is also very fast and does not require a reboot of the servers.
December 17th, 2012 10:58am
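A read-only check for the two things discussed in the replies above, added here as an example and not posted by any participant in the thread: it estimates how many bytes the NPS server's Trusted Root store contributes to the issuer list and compares that with the 12282-byte figure quoted above, then reports whether the Schannel registry workaround is active. Assumptions: the estimate counts each DER-encoded subject name plus a 2-byte length prefix, and `SendTrustedIssuerList` is taken to be the value the KB article's registry workaround refers to.

```powershell
# Added example: run on the NPS server. Nothing is modified.
$limit = 12282   # byte figure quoted in the reply above

# One row per certificate in the machine's Trusted Root store.
$rows = Get-ChildItem -Path Cert:\LocalMachine\Root | ForEach-Object {
    New-Object PSObject -Property @{
        Subject    = $_.Subject
        Thumbprint = $_.Thumbprint
        Expired    = ($_.NotAfter -lt (Get-Date))
        # DER-encoded subject name plus the 2-byte length prefix each name
        # carries in the TLS certificate_authorities list (an estimate).
        Bytes      = $_.SubjectName.RawData.Length + 2
    }
}

$total = ($rows | Measure-Object -Property Bytes -Sum).Sum

# Assumption: this is the Schannel value the KB workaround sets;
# 0 means the trusted issuer list is not sent to clients at all.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$setting  = Get-ItemProperty -Path $schannel -Name SendTrustedIssuerList `
                -ErrorAction SilentlyContinue

New-Object PSObject -Property @{
    RootCertificates      = @($rows).Count
    EstimatedIssuerBytes  = $total
    Limit                 = $limit
    OverLimit             = ($total -gt $limit)
    SendTrustedIssuerList = if ($setting) { $setting.SendTrustedIssuerList } else { 'not set' }
} | Format-List RootCertificates, EstimatedIssuerBytes, Limit, OverLimit, SendTrustedIssuerList

# Largest contributors first, to review against the required-roots list.
$rows | Sort-Object -Property Bytes -Descending |
    Select-Object -First 15 Bytes, Expired, Thumbprint, Subject |
    Format-Table -AutoSize
```

Running it after each root certificate update shows whether the store has grown back toward the limit before clients start failing.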