Authentication failed due to a user credentials mismatch when you install August 2017 Updates on an NPS Server

Hi all,

We came across an interesting issue today after installing the August 2017 Windows updates on the servers in our test environment. After patching and rebooting our NPS server that we use for RADIUS authentication, we found that our test clients could no longer connect to our test wireless network.

We were seeing the following error in the NPS event log:

NPS Error 1

NPS Error 2

“Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.”

We can confirm that Microsoft has provided a workaround to this issue which is to create a DWORD in the registry to disable a client certificate check. This can be implemented by opening regedit.exe on your NPS server and going to the following location:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13\

In the above key create a DWORD called DisableEndEntityClientCertCheck and set the value of it to 0 and restart your NPS server.

NPS Error 3

Once we had done that we checked our test clients and they were able to connect to the test wireless network again! We confirmed that in the NPS event log:

NPS Error 4

You can find more information about this update for the different Windows Server operating systems below:

Windows Server 2016 – KB4034658

Windows Server 2012 R2 – KB4034681

Windows Server 2012 – KB4034665

Windows Server 2008 R2 – KB4034664

Hope that helps!

Post to Twitter

7 Comments

  1. Sergey

    Thank you very much! We have the same issue.

  2. alzoo

    we had the same issue too, however would love to know what is exactly going on here!

    If I understand correctly.. it seems the KB would have turned “on” disable the client Cert check so it no longer is being checked (which causes the problem) and this registry modification forces it to stay “off” so it is being checked… if that makes sense.

  3. Andyt

    Thank you for the information. We had the same issue in our company.

  4. JB

    Perfect, saved me a few hours digging. Thanks.

  5. N

    Thank you!

  6. Nico

    Hi,

    It works on windows 8, but not on windows 7 devices. Why ?

  7. Pete.B

    We have had the same issue but the reg key workaround isn’t resolving the issue. some clients are working ok but most clients are failing with the following error on the NPS Server

    Reason Code: 16
    Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

    We are using Machine Certificates to authenticate.

Leave a Comment

Your email address will not be published. Required fields are marked *