https://community.cisco.com/t5/network-access-control/peap-tls-wired/m-p/4128412#M562023 <P>It sounds like you're trying to use a certificate for 802.1x on a client that either does not have the correct certificate requirements or for which the client does not have the private key. The supplicant (native or AnyConnect NAM) will not present a certificate for 802.1x if that certificate does not meet the requirements or the client does not have the private key.</P> <P>See the following link for some info on minimum certificate requirements:</P> <P><A href="https://support.microsoft.com/en-au/help/814394/certificate-requirements-when-you-use-eap-tls-or-peap-with-eap-tls" target="_blank" rel="noopener">Certificate requirements when you use EAP-TLS or PEAP with EAP-TLS</A>&nbsp;</P> <P>&nbsp;</P> Fri, 31 Jul 2020 00:02:58 GMT Greg Gibbs 2020-07-31T00:02:58Z https://community.cisco.com/t5/network-access-control/peap-tls-wired/m-p/4128140#M562008 <P>Hi guys</P><P>I have a big problem in my envirenment.</P><P>I installed Cisco ise 2.7 and upgarded to patch2.</P><P>my scenario is peap tls. our clients are non domain join so users login locally.(windows 10)</P><P>we have a windows certificate server that generate certficate for users and users installed it on his certificate store.</P><P>other methods such as PEAP mschapv2-EAPFast works but PEAPTLS and EAPTLS dosent work.</P><P>after configure windows native supplicant for user authentication we get this error in ise:</P><DIV class="ellipsis"><STRONG>Endpoint abandoned EAP session and started new</STRONG></DIV><DIV class="ellipsis">&nbsp;</DIV><DIV class="ellipsis">Also I migrated to use cisco anyconnect with peaptls but i got below error during authtication</DIV><DIV class="ellipsis"><STRONG>cisco anyconnect no valid certificates available. please insert a smart card</STRONG></DIV><DIV class="ellipsis">&nbsp;</DIV><P>&nbsp;</P> Thu, 30 Jul 2020 15:58:59 GMT https://community.cisco.com/t5/network-access-control/peap-tls-wired/m-p/4128140#M562008 Saeid 2020-07-30T15:58:59Z https://community.cisco.com/t5/network-access-control/peap-tls-wired/m-p/4128412#M562023 <P>It sounds like you're trying to use a certificate for 802.1x on a client that either does not have the correct certificate requirements or for which the client does not have the private key. The supplicant (native or AnyConnect NAM) will not present a certificate for 802.1x if that certificate does not meet the requirements or the client does not have the private key.</P> <P>See the following link for some info on minimum certificate requirements:</P> <P><A href="https://support.microsoft.com/en-au/help/814394/certificate-requirements-when-you-use-eap-tls-or-peap-with-eap-tls" target="_blank" rel="noopener">Certificate requirements when you use EAP-TLS or PEAP with EAP-TLS</A>&nbsp;</P> <P>&nbsp;</P> Fri, 31 Jul 2020 00:02:58 GMT https://community.cisco.com/t5/network-access-control/peap-tls-wired/m-p/4128412#M562023 Greg Gibbs 2020-07-31T00:02:58Z https://community.cisco.com/t5/network-access-control/peap-tls-wired/m-p/4128585#M562030 <P>I met all the requirements but I get below error</P><P><STRONG>5440 Endpoint abandoned EAP session and started new</STRONG></P><P>after almost 2 minutes I get below error</P><P><STRONG>12942 Supplicant stopped responding to ISE during conducting inner EAP-TLS method</STRONG></P><P>&nbsp;</P><P>My user has client authentication purpose certificate and ise has server authetication&nbsp;purpose certificate</P><P>I have a user with name ise and below certificate (Attachments)</P><P>Windows event viewer error is attached</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 31 Jul 2020 10:11:34 GMT https://community.cisco.com/t5/network-access-control/peap-tls-wired/m-p/4128585#M562030 Saeid 2020-07-31T10:11:34Z