Microsoft NPS – “No Such Domain”
Recently, we have been seeing some access reject packets on our Microsoft NPS RADIUS servers complaining of “No Such Domain”. The clients are authenticating with EAP-TLS, and it is only impacting some of the clients in our domain.
The IAS Reason Code is 4142,7. The error message can be found below.
The resolution for this error in our particular case was to do with a mismatch between the CN of the certificate, and the UPN for the Active Directory object. This can be seen by comparing the username above, to the UPN displayed below.
The NPS server will take the CN of the certificate and search Active Directory. If the RADIUS server is unable to match the CN to any object in Active Directory, it will return “No such domain”.
Renaming the UPN to “[email protected]” resolved the issue.