Azure Agent replaces NPS certificate


This weekend, we migrated a client’s VMware ESXi VMs to Azure using Azure Migrate. After finalizing the migration, we installed Azure Agent on all of the VMs so Azure can back them up, etc.

However, we found that the PCs weren’t able to connect to the 802.1x-authenticated SSID. On the NPS server’s Security event logs, we found many 6273 event IDs with the message, “The certificate chain was issued by an authority that is not trusted.”

This error points to a certificate problem, so I dug into the NPS server only to find…

Apparently, the Azure Agent not only installs this certificate but doing to replaces the CA cert on an NPS server.

The good news is that our cert was in the dropdown so we only had to reselect it after which the PCs immediately reconnected to the network.