Network Policy Server error message 'Negotiation failed. No available EAP methods'

Solution 1:

Putting this out there in case it helps anyone else who is struggling with the same error message as I was. In my case the underlying issue was that my Windows server had been configured so that TLS versions 1.0 and 1.1 were disabled; only TLS 1.2 is allowed. However, NPS was still defaulting to TLS version 1.0.

In my case this had been configured via GPO by our server admins.

I was able to manually set NPS to use TLS 1.2 in the registry, following these instructions:

https://support.microsoft.com/en-us/help/2977292/microsoft-security-advisory-update-for-microsoft-eap-implementation-th

https://community.spiceworks.com/topic/2195158-enable-tls1-2-in-windows-server-nps

You'll be able to see whether or not this is the problem you're having in a packet capture--look at the Client Hello and Server Hello packets and compare the TLS versions each one is trying to use.
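The version comparison described in this answer, as an added example that is not part of the original post: it pulls the version field out of the Client Hello and Server Hello carried in PEAP or EAP-TLS packets exported from a capture. It assumes unfragmented EAP packets and TLS 1.0 to 1.2 (where the hello's version field is the one that matters); the function names, the `allowed` default and the sample packets are constructed for illustration.

```python
import struct

TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
HELLO_TYPES = {1: "ClientHello", 2: "ServerHello"}
EAP_TLS_METHODS = (13, 25)  # EAP-TLS and PEAP method numbers


def hello_version(eap: bytes):
    """Return (hello name, version name) from one unfragmented EAP packet."""
    if len(eap) < 6:
        raise ValueError("short EAP packet")
    _code, _ident, length, method, flags = struct.unpack("!BBHBB", eap[:6])
    if method not in EAP_TLS_METHODS:
        raise ValueError("not a TLS-based EAP method")
    tls = eap[6:length]
    if flags & 0x80:  # L bit: a 4-byte TLS message length precedes the data
        tls = tls[4:]
    # 5-byte TLS record header, 4-byte handshake header, then the version field
    if len(tls) < 11 or tls[0] != 0x16:
        raise ValueError("no TLS handshake record")
    if tls[5] not in HELLO_TYPES:
        raise ValueError("handshake message is not a hello")
    (ver,) = struct.unpack("!H", tls[9:11])
    return HELLO_TYPES[tls[5]], TLS_VERSIONS.get(ver, hex(ver))


def compare(client_eap: bytes, server_eap: bytes, allowed=("TLS 1.2",)):
    """Compare offered and chosen versions against the server's allowed set."""
    offered = hello_version(client_eap)[1]
    chosen = hello_version(server_eap)[1]
    return {"offered": offered, "chosen": chosen,
            "match": offered == chosen, "chosen_allowed": chosen in allowed}


def sample_packet(msg_type: int, ver: int, l_bit: bool = False) -> bytes:
    """Constructed input: a PEAP packet carrying a minimal hello message."""
    body = struct.pack("!H", ver) + bytes(32)  # version + 32-byte random
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    rec = b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
    tls = (struct.pack("!I", len(rec)) if l_bit else b"") + rec
    code = 2 if msg_type == 1 else 1  # Response from peer, Request from server
    return struct.pack("!BBHBB", code, 1, 6 + len(tls), 25,
                       0x80 if l_bit else 0) + tls


if __name__ == "__main__":
    print(compare(sample_packet(1, 0x0303, l_bit=True), sample_packet(2, 0x0301)))
```
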

Solution 2:

One of these things that you do once a year and forget. Since this is the top result, I'll leave this here.

So the issue for me is that I'm using a self-signed server cert to auth Meraki 802.1X; PEAP refuses to do any auth with an expired cert (and an empty subject in the actual cert).

It expires once a year and needs renewing (from IIS is by far the quickest). Once the new one is in place, everything starts to auth as expected again.