cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

453
Views
0
Helpful
5
Replies
InfraISE2020
Beginner

5400 Authentication failed Windows 10 clients

Hi,

 

We have recently come across an issue where our Windows clients are getting prompted to enter a username/password when connecting to our corporate network. Nothing has been changed on our environment and its been working fine until a few weeks ago. The only change is users have been upgraded to Windows 10 1909, nothing has changed on ISE.

 

I have looked through the logs and we're getting an event "5400 Authentication Failed" & "11514 Unexpectedly received empty TLS message; treating as a rejection by the client", screenshot of the error attached.

 

Has anyone else come across this issue and have you been able to resolve it.

 

Thanks in advance.

Ashley

1 ACCEPTED SOLUTION

Accepted Solutions
Mike.Cifelli
VIP Advocate

Please share your native supplicant configuration from one of the clients.  AFAIK this error is typically from the following:

-The supplicant/client machine is not accepting ISE cert

-Supplicant is configured to validate server cert. However, it does not trust the ISE cert presented

Which is causing ISE to treat it as rejected.  Please verify if you have validate server cert configured/enabled in supplicant setup.  Also, ensure that the cert chain is imported on the client side so that the presented ISE cert is trusted.  HTH!

 

 

View solution in original post

5 REPLIES 5
Marcelo Morais
Advocate

Hi @InfraISE2020 ,

 if you are using AnyConnect as a Supplicant ... please take a look at the Event Viewer > Applications and Services Logs > Cisco AnyConnect Secure Mobile Client for any issues during the process.

 

Hope this helps !!!

Hi @Marcelo Morais 

 

We aren't using anyconnect, were just using 802.1x from Cisco Meraki to ISE and the clients have a standard windows 10 802.1x wlan profile configured for them to connect to the SSID. 

 

Any ideas?

marce1000
VIP Advisor

 

 - What type of authenticating servers are being used, and what's in the their logs for these auth-attempts ?

 M.

Hi @marce1000 

 

Thanks for the quick response. We are using 802.1x from Meraki to ISE and the clients are using a windows 802.1x WLAN profile to connect to the SSID.

 

Could you confirm what logs you're referring to and i will provide an output of them?

 

Thanks

 

Mike.Cifelli
VIP Advocate

Please share your native supplicant configuration from one of the clients.  AFAIK this error is typically from the following:

-The supplicant/client machine is not accepting ISE cert

-Supplicant is configured to validate server cert. However, it does not trust the ISE cert presented

Which is causing ISE to treat it as rejected.  Please verify if you have validate server cert configured/enabled in supplicant setup.  Also, ensure that the cert chain is imported on the client side so that the presented ISE cert is trusted.  HTH!

 

 

View solution in original post

Content for Community-Ad