So I have been working through this some. I have a Microsoft NPS radius server that worked fine with 10.1, but upon upgrading to 10.2 RADIUS authentications have failed. It appears to be the TLS version which is causing the problem. By default my NPS server only uses TLS 1.0, but 10.2 requires a minimum of TLS 1.1, and I have only got it working with TLS 1.2.
To enabled TLS 1.2 on NPS I had to add a registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\13 Dword called TlsVersion
Value is a hex OR of
TLS 1.0 0xC0
TLS 1.1 0x300
TLS 1.2 0xC00
So the downside I am finding, I have to enable TLS 1.2 which gets 10.2 working, but then it breaks my 10.1 firewalls.
Even when I use the value 0xF30
... View more