Changes to your RADIUS server, don't need a restart of the controller/APs.
If you change the RADIUS server certificate, especially to a new Root CA you should reprovision your clients. It's strongly recommended to do that through a device management tool, like group policies, or MDM/EMM tooling. Clients should properly verify the RADIUS server certificate to keep the network, and if you use MSCHAPv2 (DEPRECATED because of weak security) the user credentials.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: May 05, 2025 06:19 PM
From: eddie_ma
Subject: after MS NPS Certs updated, do 7200- AOS 8.10.x ALSO need to get restarted ?
good day
as part of our 802.1x auth (MS NPS ) we have to update NPS Cert (signed by the on-prem A.D. CA server) , well we had to update our Root CA , and oddly enough our NPS were expiring at same time as end-of-service date of Root CA
so we updated Root CA . then create new Cert using same key , for NPS systems.... and inside NPS Policies, choosed the newly-created NPS certs. great, all good.
question i have is some Win 11 (mostly) are NOT 'accepting new Cert for this wifi location' ...
am i supposed to ALSO reboot the HA 7200 controllers to deal with new NPS Cert applied ?
we don't normally PUSH / Deploy the NPS certs to client systems, we tend to let them 'get accepted' by devices ....
thnx for any feedback...whilst i await TAC call-back
EddieInMA