Our WiFi auth via NPS/RADIUS is dead and nobody can get on the network.
NPS is often a single point of failure: one server authenticates all access points. Restore first, then structurally add a second NPS alongside.
Try this first
- 1On the NPS server: confirm Network Policy Server service is running, open Event Viewer custom view 'Network Policy and Access Services', read recent events.
- 2Common causes: NPS certificate expired (PEAP/EAP-TLS rely on it), shared secret mismatch between AP and NPS, lost AD connectivity or LDAP rights.
- 3Test directly with a test account: ntradping or a similar tool against NPS, do not keep guessing over WiFi. At AP level: test page or debug logs.
- 4Are RADIUS clients (the APs) still registered correctly? Open NPS console, RADIUS Clients, check IP and shared secret per AP.
- 5After recovery, deploy a second NPS on a separate server, configure it as secondary in the AP setup, and schedule certificate rotation well before expiry.
When to bring us in
For larger environments or multiple SSIDs with different policies, consider ClearPass, FortiAuthenticator or a cloud RADIUS. Redundant by design with audit logs.
See also
- One DC or two DCs for an SMB office?Two is almost always the right answer; one DC is a single point of failure for logon, DNS and GPOs.
- Should I split FSMO roles across two DCs?For a small domain all on one DC is fine; with two DCs splitting is tidier but not required.
- How do I know my AD replication is healthy?Replication errors creep in silently; they only surface when logins or GPOs misbehave.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.