Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7796
Views
0
Helpful
6
Replies

5400 Authentication failed Windows 10 clients

Go to solution
InfraISE2020
Level 1
Level 1

‎02-26-2021 02:03 AM

Hi,

 

We have recently come across an issue where our Windows clients are getting prompted to enter a username/password when connecting to our corporate network. Nothing has been changed on our environment and its been working fine until a few weeks ago. The only change is users have been upgraded to Windows 10 1909, nothing has changed on ISE.

 

I have looked through the logs and we're getting an event "5400 Authentication Failed" & "11514 Unexpectedly received empty TLS message; treating as a rejection by the client", screenshot of the error attached.

 

Has anyone else come across this issue and have you been able to resolve it.

 

Thanks in advance.

Ashley

2 people had this problem
Preview file
49 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎02-26-2021 04:33 AM

Please share your native supplicant configuration from one of the clients.  AFAIK this error is typically from the following:

-The supplicant/client machine is not accepting ISE cert

-Supplicant is configured to validate server cert. However, it does not trust the ISE cert presented

Which is causing ISE to treat it as rejected.  Please verify if you have validate server cert configured/enabled in supplicant setup.  Also, ensure that the cert chain is imported on the client side so that the presented ISE cert is trusted.  HTH!

 

 

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Marcelo Morais
VIP
VIP

‎02-26-2021 03:18 AM

Hi @InfraISE2020 ,

 if you are using AnyConnect as a Supplicant ... please take a look at the Event Viewer > Applications and Services Logs > Cisco AnyConnect Secure Mobile Client for any issues during the process.

 

Hope this helps !!!

0 Helpful

Go to solution
InfraISE2020
Level 1
Level 1
In response to Marcelo Morais

‎02-26-2021 03:33 AM

Hi @Marcelo Morais 

 

We aren't using anyconnect, were just using 802.1x from Cisco Meraki to ISE and the clients have a standard windows 10 802.1x wlan profile configured for them to connect to the SSID. 

 

Any ideas?

0 Helpful

Go to solution
marce1000
VIP
VIP

‎02-26-2021 03:18 AM

 

 - What type of authenticating servers are being used, and what's in the their logs for these auth-attempts ?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
InfraISE2020
Level 1
Level 1
In response to marce1000

‎02-26-2021 03:39 AM

Hi @marce1000 

 

Thanks for the quick response. We are using 802.1x from Meraki to ISE and the clients are using a windows 802.1x WLAN profile to connect to the SSID.

 

Could you confirm what logs you're referring to and i will provide an output of them?

 

Thanks

 

0 Helpful

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎02-26-2021 04:33 AM

Please share your native supplicant configuration from one of the clients.  AFAIK this error is typically from the following:

-The supplicant/client machine is not accepting ISE cert

-Supplicant is configured to validate server cert. However, it does not trust the ISE cert presented

Which is causing ISE to treat it as rejected.  Please verify if you have validate server cert configured/enabled in supplicant setup.  Also, ensure that the cert chain is imported on the client side so that the presented ISE cert is trusted.  HTH!

 

 

0 Helpful

Go to solution
mdmujahiduzzaman
Level 1
Level 1

‎08-16-2022 01:48 AM

Please check ISE system certificate validation.

0 Helpful
Customers Also Viewed These Support Documents