Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


Certificate is required for this connection

I realize this may not be the most appropriate forum for this question but here goes.

I am deploying Wired and Wireless 802.1x using ISE as RADIUS server with EAP-TLS for Windows 7 devices. The customer is using a Windows Server 2008 R2 certificate authority server. User and Machine certificates are being deployed through GPO. It is all working great for the most part.

Here is where my issue is:

I duplicate the User template and select the 2003 template. the user certificate deploys with GPO to the client and the computer uses the certificate to authenticate.

I duplicate the User template and select the 2008 template. the user certificate deploys with GPO to the client BUT the computer displays a message that "a certificate is required for this connection"

It is acting like there isn't a certificate in the personal user certificate store, but the appropriate certificate does exist. I looked at the 2003 and the 2008 template and I can't find the difference between them or why one wouldn't work.

The simple answer would be to just use the 2003 template but the customer is concerned that in a future windows server release that the server 2003 template won't be available. so we would liek to figure out why the 2008 template does not work properly.

I attached a screenshot and a debug dot1x of a failure.

Content for Community-Ad