iOS – iPhone will not connect to corporate WPA2/Enterprise network


Starting today all iPhones on our corporate network are unable to connect to any of the 4 WiFi access points. I had no issues as of yesterday.

Android devices and laptops have no issues. iOS versions tested are 8.2 and 8.4.

I have rebooted the authentication/NPS server. I also "forgot the network" on the phone and went to General, Reset, Reset Network Settings.

Also, forgetting the network and then reconnecting no longer prompts to accept the certificate.

I have changed the "Dial-in" settings on the user's Active Directory account to Allow Access, and the error below is still generated. I have since switched them back to "Control access through NPS Network Policy", and the Network Policies settings have a checkmark for "Ignore user account dial-in properties".

Here are the settings:

This is the error on the server.

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
    Security ID:            MYDOMAIN\user1
    Account Name:            user1
    Account Domain:            MYDOMAIN
    Fully Qualified Account Name:    MYDOMAIN\user1

Client Machine:
    Security ID:            NULL SID
    Account Name:            -
    Fully Qualified Account Name:    -
    OS-Version:            -
    Called Station Identifier:        48f8b3a10979
    Calling Station Identifier:        285aeb54d31e

NAS:
    NAS IPv4 Address:        192.168.x.23
    NAS IPv6 Address:        -
    NAS Identifier:            48f8b3a10979
    NAS Port-Type:            Wireless - IEEE 802.11
    NAS Port:            25

RADIUS Client:
    Client Friendly Name:        Cisco EA6300 Wireless AP2 (Back Plant)
    Client IP Address:            192.168.x.23

Authentication Details:
    Connection Request Policy Name:    Secure Wireless Connections
    Network Policy Name:        Connections to other access servers
    Authentication Provider:        Windows
    Authentication Server:        AUTHSERVER.MYDOMAIN.com
    Authentication Type:        EAP
    EAP Type:            -
    Account Session Identifier:        -
    Logging Results:            Accounting information was written to the local log file.
    Reason Code:            65
    Reason:                The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.

Best Answer

Solution:

Create a new RADIUS server for 802.1X wireless or wired connection standard configuration.

Used the same exact settings as the previous connection request policies and network policies. Deleted the old ones.
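
The denial event quoted in the question can be triaged mechanically before anyone edits AD accounts. The following is an added example, not part of the original question or answer: it parses the event text and flags which network policy the request actually landed on. The function names are hypothetical, the sample is a trimmed copy of the event above, and it assumes "Connections to other access servers" is the stock catch-all network policy of a default NPS install.

```python
import re

# Constructed sample: the denial event from the question, trimmed to the fields used here.
SAMPLE_EVENT = """\
Network Policy Server denied access to a user.
User:
    Account Name:            user1
RADIUS Client:
    Client Friendly Name:        Cisco EA6300 Wireless AP2 (Back Plant)
Authentication Details:
    Connection Request Policy Name:    Secure Wireless Connections
    Network Policy Name:        Connections to other access servers
    Authentication Type:        EAP
    EAP Type:            -
    Reason Code:            65
"""

# Assumption: name of the stock catch-all network policy on a default NPS install.
DEFAULT_CATCH_ALL = "Connections to other access servers"

def parse_event(text):
    """Return {section: {field: value}} from the 'Section:' / 'Field: value' layout."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\s*)([^:]+):\s*(.*)$", line)
        if not m:
            continue  # free-text lines such as the event summary carry no field
        indent, key, value = m.groups()
        if not indent and not value:
            current = sections.setdefault(key.strip(), {})  # section header
        elif current is not None:
            current[key.strip()] = value.strip()
    return sections

def triage(event):
    """List what to check on the NPS side, based only on the event fields."""
    auth = event.get("Authentication Details", {})
    findings = []
    if auth.get("Network Policy Name") == DEFAULT_CATCH_ALL:
        findings.append("request matched the catch-all network policy, not a wireless policy")
    if auth.get("Authentication Type") == "EAP" and auth.get("EAP Type") in (None, "-"):
        findings.append("EAP type was not recorded for this attempt")
    if auth.get("Reason Code") == "65":
        findings.append("reason code 65: denied by network access permission")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(parse_event(SAMPLE_EVENT))))
```
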