Forum Discussion
Certificate based authentication to WPA2-Enterprise network
I've recently reimaged a v1 surface hub with the 20H2 image and this time configured it as AAD Joined rather than domain joined. With it no longer domain joined, I am having trouble getting it to connect to our wireless network. I have a WiFi configuration profile assigned to the hub from Intune along with a PKCS certificate profile. The PKCS certificate profile assigns a computer certificate to the device, and the WiFi profile is set to use the certificate from that PKCS profile to authenticate to the network.
When I try to connect to the wireless network from the surface hub, I get the message "Can't connect because you need a certificate to sign in". Event logs on the hub show authentication failing with an Explicit EAP Failure, and EAP Root Cause string "The user certificate required for the network can't be found on the computer."
I am expecting the hub to authenticate using the computer certificate, not a user certificate. I have confirmed on the CA that a computer certificate was issued for this hub after I assigned the profile.
Has anyone else run into this? Any suggestions as to what I'm doing wrong?
5 Replies
Steve Whitcher - If anyone is having this issue I found a solution. It needs to be a User certificate or the WiFi profile can't find it. And also, if you join to azure ad while going through OOBE then Intune won't let you deploy a User cert to it. A way around this is to remove the device management account and re-add it, then the user cert should deploy.
Could you please advise how to make it a user certificate, I installed it as (current user) not (Local machine). But I still have same message "can't connect because you need a certificate to sign in".
Could you please send me the procedure step by step
