Ruckus, domain not available and EAP-TLS
We're running a Ruckus wireless system here and, although generally very happy with it, we find the Windows XP (SP3) clients regularly fail to connect with the error '<domain> not available'.
This is running WPA2-AES with RADIUS and computer authentication. As we have lots of netbooks/laptops this is a fairly frequent and annoying problem. It can always be fixed by hard wiring the netbook, running GPUpdate and then rebooting, so it's not an issue with the wireless side.
So, I'd like to try and set this up to use client certificates (EAP-TLS) to remove any issues with the XP client losing settings. I've got auto enrollment on and the clients show a valid certificate from our internal CA. I've set the wireless connection to use 'Smart card or other certificate' and specified the CA in the server list. The clients can see the WLAN but always fail to connect with the error 'Windows cannot find a certificate to log you on..' which is where it all falls apart!
I can see the local machine certificate and that's fine, the CA is fine and the wireless is fine. So can XP SP3 cope with EAP-TLS or am I just stuck with the problem?
I've already checked MS article 929847 and set the AuthMode to computer authentication only but that's made no difference!
Edit: I've just found the following error being logged in the IAS server:
'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider'
I've checked on the IAS server and our CA is in the Trusted Root CA list and has 4 years before expiry!