https://community.cisco.com/t5/network-access-control/acs-v4-user-authentication-issues/m-p/686357#M422416 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>if the corruption is not in your local certificates, which i think to be unlikly since it can't be that all pc/laptops have this problem then you might want to check if some one changed the root CA of you domain. if so then all you need to do is reissue a service sertificate to your ACS from the CA.</P><P>best use the "subordinate certificate authority" template or the "web server" if you have to. then issue anew certificate to your laptop and delete the old one using the certificate management console in mmc.exe snapin.</P><P></P><P>hope this helps.</P><P>regards</P><P>Motti</P><P></P></BODY></HTML> Thu, 23 Nov 2006 13:16:34 GMT mmmoookkk 2006-11-23T13:16:34Z https://community.cisco.com/t5/network-access-control/acs-v4-user-authentication-issues/m-p/686355#M422414 <P>We've had ACS in and working for our Wireless network for the past 8 weeks, then on friday we started having problems with user authentication. As far as we can check nothing has changed on the ACS or WLC we think it's a change within AD thats caused the problem but we need to prove it with our Server support manager.</P><P></P><P>The two authentication failure messages we are getting are Authetication session invalidated and EAP-TLS or PEAP authentication failed during SSL handshake.</P><P></P><P>If anyone could shed some light of what these errors might represent it would be much appreciated?</P><P></P><P>Thanks</P><P></P><P>Jon </P><P> </P><P></P> Sun, 10 Mar 2019 21:51:05 GMT https://community.cisco.com/t5/network-access-control/acs-v4-user-authentication-issues/m-p/686355#M422414 jonhill 2019-03-10T21:51:05Z https://community.cisco.com/t5/network-access-control/acs-v4-user-authentication-issues/m-p/686356#M422415 <HTML><HEAD></HEAD><BODY><P>Where do you see the message? On AP?</P><P></P><P>I have seen the same error "AP-TLS or PEAP authentication failed during SSL handshake" during implementation, and it was due to corrupted my cert, not the AD.</P><P></P><P>I re-generate new cert (and of course, you must follow correct procedures/steps) to get it run again.</P><P></P><P>Pls look at this doc for some guide:</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml</A></P><P></P><P>HTH</P><P>AK</P><P></P></BODY></HTML> Mon, 20 Nov 2006 17:32:40 GMT https://community.cisco.com/t5/network-access-control/acs-v4-user-authentication-issues/m-p/686356#M422415 a.kiprawih 2006-11-20T17:32:40Z https://community.cisco.com/t5/network-access-control/acs-v4-user-authentication-issues/m-p/686357#M422416 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>if the corruption is not in your local certificates, which i think to be unlikly since it can't be that all pc/laptops have this problem then you might want to check if some one changed the root CA of you domain. if so then all you need to do is reissue a service sertificate to your ACS from the CA.</P><P>best use the "subordinate certificate authority" template or the "web server" if you have to. then issue anew certificate to your laptop and delete the old one using the certificate management console in mmc.exe snapin.</P><P></P><P>hope this helps.</P><P>regards</P><P>Motti</P><P></P></BODY></HTML> Thu, 23 Nov 2006 13:16:34 GMT https://community.cisco.com/t5/network-access-control/acs-v4-user-authentication-issues/m-p/686357#M422416 mmmoookkk 2006-11-23T13:16:34Z