Event log entry in Windows NPS
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
Authentication Type: PEAP
EAP Type: –
Account Session Identifier: –
Logging Results: Accounting information was written to the local log file.
Reason Code: 265
Reason: The certificate chain was issued by an authority that is not trusted.
Remove “System-cs-cert=true” from /etc/NetworkManager/system-connections/<SSID>
I have noticed that you need to remove this entry every time you edit the SSID, even if you leave it in there and set it to false.