[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.

Post Reply 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[T57W] 802.1X EAP-TLS Authentication problem
Author Message
HelmiSokrates Offline
Junior Member

Posts: 1
Joined: Aug 2023
Reputation: 0
Post: #1
Question [T57W] 802.1X EAP-TLS Authentication problem

we are struggling with implementing 802.1x Authentication on our T57W phones.
But NPS denies the connection due to different reasons.

I'll try to explain our config as simple as possible:

Active Directory
Created AD user with MAC address as username

Microsoft CA (server role)
General / Publish in AD: yes
Certificate template for Client Authentication
Subject Name / Build from AD information: yes
Subject Name / Build from AD information / settings: Fully dist. name, include UPN
Issuance Requirements / This number of authorized signatures: 1
Request Handling / Purpose: Signature and encryption
Request Handling / Allow private key to be exported: yes
Request Handling / Enroll subject without requiring user input: yes
Cryptography / Provider Category: Key Storage Provider
Cryptography / Algorithm: ECDH_P384
Cryptography / Minimum size: 384
Cryptography / Provider: Microsoft Software Key Storage Provider
Cryptography / Request Hash: SHA256

-> I created a cert from this template on behalf of the user created before and this cert is available in the users "Published Certificates" tab

Phone UI settings
For testing I configured the settings directly via the Phone UI (attachment 802.1x_DeviceSettings.png).
  • here i uploaded the user certificate as device certificate
  • CA cert is our root CA certificate
  • identity is the MAC adress of the phone
  • MD5 pwd is empty

Microsoft NPS

NPS Connection Request Policy
User Name regex MAC address
Authentication: Local Computer
-> this works

NPS Network Policy
Nas Port Type = Ethernet
User Groups = AD group that contains specified AD user
Authentication Methods = EAP/PEAP (with EAP type "smartcard or certificate")
Certificate for identification: server cert of NPS server

NPS show following in the event log (shortened):

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

Security ID: DOMAIN\123456789012
Account Name: 123456789012
Account Domain: DOMAIN
Fully Qualified Account Name: domain.local/802.1X/Phones/123456789012

Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: 10-4f-58-97-ba-00
Calling Station Identifier: 12-34-56-78-90-12

Authentication Details:
Connection Request Policy Name: ConReqPolPhone
Network Policy Name: NetPolPhone
Authentication Provider: Windows
Authentication Server: server.domain.local
Authentication Type: PEAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 300
Reason: No credentials are available in the security package

I think I missed a simple setting or something like that, but I don't have any idea what I can try else.

I also read the Whitepaper before, but that doesn't help me:


Attached File(s) Thumbnail(s)
08-08-2023 01:38 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 

Messages In This Thread
[T57W] 802.1X EAP-TLS Authentication problem - HelmiSokrates - 08-08-2023 01:38 PM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Different ringers for BLF's on T57W twood 0 215 11-09-2023 06:02 AM
Last Post: twood
  T57W Call Muffled bcramer 2 616 10-13-2023 08:00 AM
Last Post: bcramer
  T57W randomly rebooting mmarino51589 4 1,936 05-25-2023 02:54 PM
Last Post: CREPSBX
  Telecoil Mode T57W Flask8612 0 737 04-10-2023 08:38 PM
Last Post: Flask8612
Sad T57W Multiple Issues pamsGA 0 924 04-04-2023 12:35 AM
Last Post: pamsGA
  T57W using for Teams Telephony ck@itgnt.com 1 1,332 03-17-2023 08:27 PM
Last Post: complex1
  T57W remote phonebook with contact images glaeser 0 747 03-10-2023 04:18 PM
Last Post: glaeser
  T57W LDAP delays wp92 0 1,262 03-05-2023 10:52 PM
Last Post: wp92
  Conecting Problem schlitzohr144 5 2,947 12-17-2022 01:02 AM
Last Post: complex1
  T57W on firmware call central 0 1,846 12-14-2022 09:04 PM
Last Post: call central

Forum Jump:

User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication