A client had an issue with 802.1X network authentication. After doing some digging in the NPS logs, I found the cause in the Event Viewer:
NPS error 262: The supplied message is incomplete. The signature was not verified
This means that the certificate used by the Network Policy Server role on the RADIUS server had expired. You can easily check this by opening the MMC console and adding the Certificates snap-in.
In the previous screenshot, you can see that I had already renewed the certificate, but it was only for 1 year instead of the 3 years configured (see below) on the certificate template used by the DC to generate the certificate.
By default, you can only renew the certificate for 2 years, although the GUI lets you enter whatever you want (3 years in my example). Then, when you generate a certificate on the RADIUS server side, you still get a certificate that expires after 1 year.
You can extend the expiration time with these commands on the certification authority server, then restart the Certificate Services service so the change takes effect:
C:\Windows\system32>certutil -setreg CA\ValidityPeriod "Years"
C:\Windows\system32>certutil -setreg CA\ValidityPeriodUnits 3
Ancienne valeur :
ValidityPeriodUnits REG_DWORD = 2
Nouvelle valeur :
ValidityPeriodUnits REG_DWORD = 3
C:\Windows\system32> net stop certsvc
C:\Windows\system32> net start certsvc
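To spot an expiring NPS certificate before 802.1X authentication starts failing, and to confirm the CA setting changed above, here is an added PowerShell example (not part of the original post). The function name `Get-ServerAuthCertStatus` and the 30-day warning threshold are assumptions chosen for illustration.

```powershell
# Added example. Run on the RADIUS/NPS server; the last part only reports on a CA server.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function Get-ServerAuthCertStatus {    # hypothetical helper name
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()]
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]$Certificate,
        [int]$WarnDays = 30,           # assumption: warn 30 days before expiry
        [datetime]$Now = (Get-Date)
    )
    foreach ($cert in $Certificate) {
        # Keep only certificates whose EKU extension lists Server Authentication.
        $ekuOids = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })
        if ($ekuOids -notcontains $ServerAuthOid) { continue }

        $daysLeft = [math]::Floor(($cert.NotAfter - $Now).TotalDays)
        $status = if ($daysLeft -lt 0) { 'Expired' } elseif ($daysLeft -le $WarnDays) { 'ExpiringSoon' } else { 'OK' }

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            DaysLeft      = $daysLeft
            # Lifetime the CA actually granted, to compare with the template setting.
            IssuedForDays = [math]::Round(($cert.NotAfter - $cert.NotBefore).TotalDays)
            Status        = $status
        }
    }
}

# Computer store, where the NPS server certificate is installed.
Get-ServerAuthCertStatus -Certificate @(Get-ChildItem Cert:\LocalMachine\My) |
    Sort-Object DaysLeft | Format-Table -AutoSize

# On the CA server: read the values that certutil -setreg CA\ValidityPeriod* writes.
$cfg = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
if (Test-Path $cfg) {
    $caName = (Get-ItemProperty -LiteralPath $cfg).Active
    $ca = Get-ItemProperty -LiteralPath (Join-Path $cfg $caName)
    "CA '$caName' maximum issued validity: $($ca.ValidityPeriodUnits) $($ca.ValidityPeriod)"
}
```

An `IssuedForDays` value shorter than the template's validity period indicates that the CA limit, not the template, determined the certificate's lifetime.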