cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2110
Views
0
Helpful
3
Replies

Cisco ISE 1.3 and Windows 8 EAP chaining failing with computer Password

kanwar
Level 1
Level 1

I have a Windows 8 laptop with registry fix applied for computer name password issue and still not able to get authenticated with ISE 

was just wondering if that is a known issue out there ??

Thanks 

3 Replies 3

franklinb
Level 1
Level 1

Can you expand on what you mean by computer name password issue? Are you using certificates?

No, we are not  and just using AD groups for authentication and with Windows 8 - I get the computer password is wrong and even with this fix - still no resolution 

 

below are the details - 

 

M: Windows 8 Machine Auth not working.

CSCuc13862

Description


Symptom:
Machine authentication using machine password will not work on Windows 8 / 
Server 2012.

Conditions:
Windows 8 and Windows Server 2012 platforms.

Workaround:
Registry fix described in Microsoft KB 2743127 
(http://support.microsoft.com/kb/2743127) needs to be applied to the client 
desktop. This fix includes adding a DWORD value 
LsaAllowReturningUnencryptedSecrets to the 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa registry key and 
setting this value to 1. This change permits Local Security Authority (LSA) 
to provide clients like Cisco Network Access Manager with the Machine 
password. It is related to the increased default security settings in Windows 
8 / Server 2012. Machine authentication using Machine certificate does not 
require this change and will work the same as it worked with pre Windows 8 
OSes.

Note:
Machine authentication allows a client desktop to be authenticated to the 
server before the user logs in. During this time server can perform scheduled 
administrative tasks for this client machine. Machine authentication is also 
required for the EAP Chaining feature where a server can authenticate both 
User and Machine for a particular client. This will result in identifying 
company assets and applying appropriate access policy. For example, if this 
is a personal asset (PC/laptop/tablet), and a company login is used, server 
will fail Machine authentication, but succeed User authentication and will 
apply proper access restrictions to this client desktop.
 

this is the fix for windows 10 on desktop/laptops and my surface as well.  i had the same issue.