https://community.cisco.com/t5/network-access-control/machine-authentication/m-p/3941551#M456486 Thank you Panos it's all sorted. Wed, 16 Oct 2019 10:04:56 GMT Wasif.B 2019-10-16T10:04:56Z https://community.cisco.com/t5/network-access-control/machine-authentication/m-p/3940645#M456477 <P>Hello everyone,</P><P>I am learning ISE, installed v2.4 VM, configured EAP-FAST, user is authenticating but the machine is not, wondering if anyone can help.&nbsp;</P><P>&nbsp;</P><H3>Authentication Details</H3><TABLE border="0"><TBODY><TR><TD>Source Timestamp</TD><TD>2019-10-15 06:47:20.505</TD></TR><TR><TD>Received Timestamp</TD><TD>2019-10-15 06:47:20.506</TD></TR><TR><TD>Policy Server</TD><TD>ISE1</TD></TR><TR><TD>Event</TD><TD>5200 Authentication succeeded</TD></TR><TR><TD>Username</TD><TD>wasif,host/Test-Laptop</TD></TR><TR><TD>Endpoint Id</TD><TD>00:0C:29:F3:22:33</TD></TR><TR><TD>Calling Station Id</TD><TD>00-0C-29-F3-22-33</TD></TR><TR><TD>Endpoint Profile</TD><TD>Microsoft-Workstation</TD></TR><TR><TD>IPv4 Address</TD><TD>10.0.10.152</TD></TR><TR><TD>Authentication Identity Store</TD><TD>homelab-AD</TD></TR><TR><TD>Identity Group</TD><TD>Workstation</TD></TR><TR><TD>Audit Session Id</TD><TD>0A0063010000002601440902</TD></TR><TR><TD>Authentication Method</TD><TD>dot1x</TD></TR><TR><TD>Authentication Protocol</TD><TD>EAP-FAST (EAP-MSCHAPv2)</TD></TR><TR><TD>Service Type</TD><TD>Framed</TD></TR><TR><TD>Network Device</TD><TD>3560-G</TD></TR><TR><TD>Device Type</TD><TD>All Device Types#Wired</TD></TR><TR><TD>Location</TD><TD>All Locations#Chicago</TD></TR><TR><TD>NAS IPv4 Address</TD><TD>10.0.100.1</TD></TR><TR><TD>NAS Port Id</TD><TD>GigabitEthernet0/1</TD></TR><TR><TD>NAS Port Type</TD><TD>Ethernet</TD></TR><TR><TD>Authorization Profile</TD><TD>homelab-Limited</TD></TR><TR><TD>Posture Status</TD><TD>Compliant</TD></TR><TR><TD>Response Time</TD><TD>5&nbsp;millisecon</TD></TR></TBODY></TABLE><P>&nbsp;</P><H3>Other Attributes</H3><TABLE border="0"><TBODY><TR><TD>ConfigVersionId</TD><TD>79</TD></TR><TR><TD>DestinationPort</TD><TD>1812</TD></TR><TR><TD>Protocol</TD><TD>Radius</TD></TR><TR><TD>NAS-Port</TD><TD>50001</TD></TR><TR><TD>Framed-MTU</TD><TD>1500</TD></TR><TR><TD>State</TD><TD>37CPMSessionID=0A0063010000002601440902;28SessionID=ISE1/360474437/311;</TD></TR><TR><TD>NetworkDeviceProfileId</TD><TD>403ea8fc-7a27-41c3-80bb-27964031a08d</TD></TR><TR><TD>IsThirdPartyDeviceFlow</TD><TD>false</TD></TR><TR><TD>AcsSessionID</TD><TD>ISE1/360474437/311</TD></TR><TR><TD>UseCase</TD><TD>Eap Chaining</TD></TR><TR><TD>NACRadiusUserName</TD><TD>wasif</TD></TR><TR><TD>SelectedAuthenticationIdentityStores</TD><TD>homelab-AD</TD></TR><TR><TD>SelectedAuthenticationIdentityStores</TD><TD>Internal Endpoints</TD></TR><TR><TD>SelectedAuthenticationIdentityStores</TD><TD>Internal Users</TD></TR><TR><TD>SelectedAuthenticationIdentityStores</TD><TD>Guest Users</TD></TR><TR><TD>AuthenticationStatus</TD><TD>AuthenticationFailed</TD></TR><TR><TD>IdentityPolicyMatchedRule</TD><TD>homelab 802.1x</TD></TR><TR><TD>AuthorizationPolicyMatchedRule</TD><TD>CHAINING USER ONLY</TD></TR><TR><TD>CPMSessionID</TD><TD>0A0063010000002601440902</TD></TR><TR><TD>EndPointMACAddress</TD><TD>00-0C-29-F3-22-33</TD></TR><TR><TD>EapChainingResult</TD><TD>User succeeded and machine failed</TD></TR><TR><TD>ISEPolicySetName</TD><TD>Wired</TD></TR><TR><TD>IdentitySelectionMatchedRule</TD><TD>homelab 802.1x</TD></TR><TR><TD>AD-User-Resolved-Identities</TD><TD>wasif@homelab.local</TD></TR><TR><TD>AD-User-Candidate-Identities</TD><TD>TEST-LAPTOP$@homelab.local</TD></TR><TR><TD>AD-User-Join-Point</TD><TD>HOMELAB.LOCAL</TD></TR><TR><TD>AD-User-Resolved-DNs</TD><TD>CN=wasif,DC=homelab,DC=local</TD></TR><TR><TD>AD-Groups-Names</TD><TD>homelab.local/Employee</TD></TR><TR><TD>AD-Groups-Names</TD><TD>homelab.local/Users/Domain Users</TD></TR><TR><TD>IsMachineIdentity</TD><TD>false</TD></TR><TR><TD>UserAccountControl</TD><TD>4096</TD></TR><TR><TD>TLSCipher</TD><TD>ECDHE-RSA-AES256-GCM-SHA384</TD></TR><TR><TD>TLSVersion</TD><TD>TLSv1.2</TD></TR><TR><TD>DTLSSupport</TD><TD>Unknown</TD></TR><TR><TD>HostIdentityGroup</TD><TD>Endpoint Identity Groups:Profiled:Workstation</TD></TR><TR><TD>Network Device Profile</TD><TD>Cisco</TD></TR><TR><TD>Location</TD><TD>Location#All Locations#Chicago</TD></TR><TR><TD>Device Type</TD><TD>Device Type#All Device Types#Wired</TD></TR><TR><TD>ExternalGroups</TD><TD>S-1-5-21-630241409-3634873573-2845902898-1106</TD></TR><TR><TD>ExternalGroups</TD><TD>S-1-5-21-630241409-3634873573-2845902898-513</TD></TR><TR><TD>IdentityAccessRestricted</TD><TD>false</TD></TR><TR><TD>RADIUS Username</TD><TD>anonymous</TD></TR><TR><TD>Device IP Address</TD><TD>10.0.100.1</TD></TR><TR><TD>Called-Station-ID</TD><TD>00:13:C4:3C:D1:01</TD></TR><TR><TD>CiscoAVPair</TD><TD>service-type=Framed, audit-session-id=0A0063010000002601440902</TD></TR></TBODY></TABLE><P>&nbsp;</P><P>Please if anyone can help me...giant thank you.</P><P>-Wasif.</P><P>&nbsp;</P> Tue, 15 Oct 2019 07:21:35 GMT https://community.cisco.com/t5/network-access-control/machine-authentication/m-p/3940645#M456477 Wasif.B 2019-10-15T07:21:35Z https://community.cisco.com/t5/network-access-control/machine-authentication/m-p/3940842#M456479 <P>Hi WSB! Do you check your XML file? How should your machine be authenticated?</P><P>Regards!</P> Tue, 15 Oct 2019 12:34:51 GMT https://community.cisco.com/t5/network-access-control/machine-authentication/m-p/3940842#M456479 #Mat 2019-10-15T12:34:51Z https://community.cisco.com/t5/network-access-control/machine-authentication/m-p/3941489#M456481 Hi,<BR />Can you post the complete authentication results including the steps from the right column?<BR />Did Anyconnect prompted you for a password during connection?<BR />Also if your PC is Windows 10, did your perform the required registry settings for machine password, as per <A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw01496/?referring_site=bugquickviewredir" target="_blank">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw01496/?referring_site=bugquickviewredir</A> ?<BR />Registry changes:<BR />Navigate in Regedit to HKEY_LOCAL_MACHINESystemCurrentControlSetControlLsa.<BR />Add a new DWORD(32-bit) Value.<BR />Type LsaAllowReturningUnencryptedSecrets, and then press Enter.<BR />Right-click LsaAllowReturningUnencryptedSecrets, click Modify….<BR />Type 1 in the Value data box, and then click OK.<BR /> Wed, 16 Oct 2019 08:24:25 GMT https://community.cisco.com/t5/network-access-control/machine-authentication/m-p/3941489#M456481 Panos Bouras 2019-10-16T08:24:25Z https://community.cisco.com/t5/network-access-control/machine-authentication/m-p/3941550#M456483 Thank you Mat, I have resolved the issue. Thank you for your reply. Wed, 16 Oct 2019 10:04:30 GMT https://community.cisco.com/t5/network-access-control/machine-authentication/m-p/3941550#M456483 Wasif.B 2019-10-16T10:04:30Z https://community.cisco.com/t5/network-access-control/machine-authentication/m-p/3941551#M456486 Thank you Panos it's all sorted. Wed, 16 Oct 2019 10:04:56 GMT https://community.cisco.com/t5/network-access-control/machine-authentication/m-p/3941551#M456486 Wasif.B 2019-10-16T10:04:56Z