Windows Server 2019 NPS PEAP not working with Internal CA, But works with self signed

i’ve got trouble with NPS on 1 of my customers sites which wont authenticate with EAP when using the internal CA certificates. I’ve tried 4-6 variation of the internal certificate to no avail..

NPS log show’s nothing , Account log show this:

#04/02/2021 13:17:53.720/Timestamp><Computer-Name data_type=”1″SERVICES</Computer-NameIAS272311 1 04/02/2021 10:57:31 50</ClassSession-Timeout data_type=”0″>30/Session-Timeout><Client-Vendor data_type=”0″0/Client-Vendor><Client-Friendly-Name data_type=”1″NETWORK/Client-Friendly-Name><NP-Policy-Name data_type=”1″Connections to Microsoft Routing and Remote Access server5Use Windows authentication for all users1/Provider-TypeSAM-Account-Name data_type=”1″>XXXantpal/SAM-Account-Name>Fully-Qualifed-User-Name data_type=”1″XXXantpal /Fully-Qualifed-User-Name Packet-Type data_type=”0″11/Packet-Type> Reason-Code data_type=”0″ 0 /Reason-Code /Event

on the client side it’s stuck at verifying credentials.

Note that if i choose a self signed certificate this work’s just fine. I don’t know which log to refer to next here.

Ideeas ?