cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4599
Views
0
Helpful
5
Replies

12511 Unexpectedly received TLS alert message; processing as a rejection by the client

ithq783ds3
Level 1
Level 1

I have some windows 10 and 7 PCs that do not manage to connect to my Wifi dot.1x or MAB. even if it's an open Guest network  I recorded this error message on live log "12511 Unexpectedly received TLS alert message; processing as a rejection by the client" but after a time saying 24h, the pc is able  to connect.

 please can you tell me what is the problem ?

 

ISE 2.3 patch 4 installed

protocol allowed Process Host Lookup  Authentication Protocols  Allow PAP / ASCII  PEAP EAP MS-CHAPv2

 

thanks

1 Accepted Solution

Accepted Solutions

kvenkata1
Cisco Employee
Cisco Employee

The message corresponds to TLS & you are saying wifi connectivity is failing even without dot1x. Without any changes in the client, what I don't understand is how can the error go away after 24 hours. Please open a TAC case & work with them to resolve the issue. I would start with the Wireless team.

 

- Krish

View solution in original post

5 Replies 5

kvenkata1
Cisco Employee
Cisco Employee

The message corresponds to TLS & you are saying wifi connectivity is failing even without dot1x. Without any changes in the client, what I don't understand is how can the error go away after 24 hours. Please open a TAC case & work with them to resolve the issue. I would start with the Wireless team.

 

- Krish

We seem to be having the smae issue with patch 5 on 2.3. Can you let me know how this was fixed for you

Hello Chougule

we have not solved this problem yet, but I noticed this problem just on some windows 10 version

Dragging this thread back to life :)

One of our customer has a similar issue with a 2.3 deployment. 99.9% working fine but in the customer's words:-

"We've got one user for example today that was working happy in the morning only to have his wired connection interrupted for 17 minutes and then this issue fixed by itself without us changing any setting on his client machine"

 

Event 5434 Endpoint conducted several failed authentications of the same scenario
Failure Reason 12511 Unexpectedly received TLS alert message; treating as a rejection by the client

 

I get it if ISE does not trust the CA or it's a wildcard issue, etc. But why would it authc and authz fine, then fail, then work again??

 

Any advice gratefully received!

Cheers,

Matt.

Rather difficult to investigate, look at logs, etc here on the forum and its not the purview of the engagement. Suggest you look at getting a tac case opened to investigate if its really important. http://cs.co/ise-help look at how to ask the community for help.