802.1x Wi-Fi EAP auth stopped working

802.1x set , working correctly more year, clients unable authenticate connect ap. certs , 802.1x connection distributed group policy. internal ca. servers ws2012, clients win 7, few w10. small company not lot of data points.

full disclosure: have 1 windows 10 client (so far) did connect today, 2 more (so far) unable to. not sure of make of that.

this event logged when connection attempted on problem clients:

log name:      microsoft-windows-wlan-autoconfig/operational
source:        microsoft-windows-wlan-autoconfig
date:          12/8/2016 11:51:57 am
event id:      12013
task category: onexauthentication
level:         error
keywords:      (512)
user:          system
computer:      workstation.domain.local
description:
wireless 802.1x authentication failed.

network adapter: dell wireless 1502 802.11b/g/n
interface guid: {c0f4b343-df4c-401f-ac6a-4d667eb0c070}
local mac address: 64:27:37:47:c7:a5
network ssid: eapssid
bss type: infrastructure
peer mac address: 4e:d9:e7:21:9e:12
identity: host/computer.domain.local
user:
domain:
reason: explicit eap failure received
error: 0x30a
eap reason: 0x30a
eap root cause string: windows cannot connect network
there problem certificate on server required authentication.

eap error: 0x80420204

certs on radius server , clients valid per certificates mmc , validate certutil -verifystore my. cert shown in eap policy in nps valid, don't know go here.

if matters, it's ubiquity unifi wi-fi system.

found problem. wrong cert selected eap network policy on radius server. selected correct cert , started working. don't know how changed; perhaps when certs auto-renewed.

something of mystery how 1 windows 10 client able connect, though.

Windows Server  >  Security