This was a toughy to figure out so I’ve decided to share. I recently deployed a few dozen Meraki MR52 wireless access points (WAP) throughout a building. Windows 10, Android, iPhone and Macs were all able to connect without issue. Windows 7 users were not able to connect at all.
For authentication we are using RADIUS as provided by Microsoft Network Policy Server (NPS) on Windows 2016. The NPS is on the domain controller, so no need for messing around with certificates (or so I was told). When a user normally connects to the WAP, they will be prompted to enter their Active Directory credentials – no preshared key necessary. As mentioned before, it works just find for everyone, but not at all for Windows 7. Under Windows 7, when you enter your credentials, you get a simple “Windows was unable to connect to YourWifiSSID”.
The issue here is that the certificate on the domain controller is missing the Subject field, it is blank. While other operating systems do not care about the is omission, Windows 7 and earlier will not authenticate against a RADIUS server that is missing this field.
The fix is very simple, replace the certificate on the server. This can be done by self-generating your own certificate through a variety of methods or simply buying one from a recognized certificate authority. I was able to to select another local certificate which did have the Subject field populated.
Once you have the certificate installed on your server, you must then select it in NPS. This is rather easy to do, but a little difficult to find. See below.