A few months ago we deployed an Aruba solution (3200 controllers with RAP-2/5 access points) to provide remote access to small and medium offices and teleworkers to our systems, and to provide wireless services.
The deployment was really smooth, but we had some difficulty linking our newly defined user roles to existing LDAP (AD) groups in order to grant access based on authentication results. The configuration was simple and well documented on the Aruba website; however, the integration with our existing NPS server (previously used for RD Gateway authentication) was not working as expected: wireless authentication was at best slow to complete and most of the time only went through an infinite loop of re-authentication. Almost no information was available in the system logs, on either the Aruba controller or the Windows system. At that time, our quick and fun solution was to install a FreeRADIUS server and integrate it with AD.
Today, I had some free time… and decided to take a second look at that NPS server. Luckily, it didn’t take long to figure out the problem. It was a problem with the “Accounting” feature of NPS. The server was configured to log accounting to a SQL Server database running on a different server. The options were set not to fall back to text logging and to discard the connection request if logging failed. Although logging to the SQL server was working perfectly fine for the RD Gateway server, it was what caused the issue: whenever SQL logging failed, NPS discarded the request, and the client simply tried again. As soon as I switched to text logging, everything began to work fine.
After some tests, the best alternative was to configure NPS to log to SQL and fall back to text logging. When comparing the logs, I can see that more than 9 times out of 10, SQL logging doesn’t work.
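To make the failure mode above visible instead of guessing at it, here is a small PowerShell check I would run on the NPS host itself. It is an added example, not part of the original post or of any Aruba or Microsoft tooling: it enables NPS auditing in the Security log, tests TCP reachability of the SQL Server accounting target, and then counts the NPS events that indicate discarded requests (6274 for access requests, 6275 for accounting requests) against successful grants (6272). The SQL host name, port and time window are placeholders you would replace with your own.

```powershell
# Assumptions (placeholders, not from the original post):
$SqlHost   = 'sql01.example.local'   # the SQL Server that NPS accounting writes to
$SqlPort   = 1433                    # default SQL Server TCP port
$Since     = (Get-Date).AddHours(-1) # how far back to look in the Security log

# 1. Make sure NPS events are actually written to the Security log;
#    without this subcategory enabled, the log stays almost empty.
auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable | Out-Null

# 2. Can this NPS host even reach the accounting database?
#    If this fails and "discard request on logging failure" is set,
#    every RADIUS request is dropped and the client re-authenticates forever.
$sql = Test-NetConnection -ComputerName $SqlHost -Port $SqlPort -WarningAction SilentlyContinue
"SQL accounting target {0}:{1} reachable: {2}" -f $SqlHost, $SqlPort, $sql.TcpTestSucceeded

# 3. Compare granted vs discarded requests over the window.
#    6272 = access granted, 6274 = request discarded, 6275 = accounting request discarded
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6272, 6274, 6275; StartTime = $Since } -ErrorAction SilentlyContinue
$counts = $events | Group-Object Id | Select-Object Name, Count
$counts | Format-Table -AutoSize

# 4. A high ratio of 6274/6275 to 6272 points at the accounting path, not at the RADIUS client.
$granted   = ($events | Where-Object Id -eq 6272).Count
$discarded = ($events | Where-Object Id -in 6274, 6275).Count
if ($discarded -gt $granted) {
    Write-Warning "More requests discarded ($discarded) than granted ($granted): check NPS accounting / SQL logging settings."
}
```

Run it in an elevated PowerShell session on the NPS server (auditpol and reading the Security log both need administrator rights). If the SQL target is unreachable or the discarded count dominates, the fix on the page applies: keep SQL logging if you want it, but enable the fallback to text logging and turn off discarding the connection request when logging fails.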