802.1x - ACS 3.3 with AD Integration

I'm running into an issue using AD integration and 802.1x. A previous thread on this indicated the 802.1x authentication occurred prior to the domain login process.

However, when I attempt to log in to a machine using a domain account and that account profile is not cached on the machine, the authentication fails, indicating it could not contact the specified domain.

Obviously the 802.1x authentication is not occurring to open the port then pass the domain credentials to the AD. The ACS is configured to pass unknown users to the AD for authentication, at which point the ACS should import the account.

Why is the 802.1x failing for uncached user accounts?

Frequent Contributor

Try these steps:

1. Check your NTLM version.

NTLMv2 is not supported between ACS and AD. Only NTLM is supported.

2. Check the authentication method.

To authenticate dot1x users on the external database, you need to use either PEAP or EAP-TLS as the authentication method. Both of these involve certificates. EAP-MD5 is not supported on an external database for authentication.

Try these links:


I have a few suggestions to make:

1) Before you try an uncached user who is in AD, please configure a user in ACS that is not cached on your laptop and see if that user is able to authenticate. If this user is able to authenticate, then the issue is with ACS -> AD; if this user is not able to authenticate, the issue is with the laptop not sending the right credentials.

2) If the above does not work, then the issue is with the laptop. To correct this, you need to check the link below, which talks about clearing the old cached credentials. ;en-us;823731

Let me know how this goes. If both suggestions do not work, then we need to inspect the file from the ACS.

All the best!!