hello to all,
does anyone have tested a windows 11 machine with ISE?
I'm testing windows 11 and it does not authenticate automatically.
I have to login to the session and then windows 11 prompt me with the message "action required" and then takes me to the network do manually sign in to the network.
On windows 10 it works perfectly.
Solved! Go to Solution.
I worked for a company that did eap-tls wired and wireless authentication. We had the described issue for Windows 11 wired authentication , worked perfectly in Windows 10 and I THINK with wireless. In our specific instance in Windows 10 we did not mark a "Trusted Root Certificate Authorities:" server in the machine's dot1x settings. When testing Windows 11, we found that simply selecting the CA that you specifically want to trust resolved the issue. Additionally, if you select the box "Connect to these servers", I have heard reports that in Windows 11 that becomes case sensitive. So it that doesn't exactly match, with case, you will get the same popup. A google search of this "Always On VPN Error 853 on Windows 11" will take you to a nice writeup describing the issue.
To be clear our working config was verify the server's identity by validating the certificate. NOT selecting Connect to these servers. Select the trusted root cert authority for your ISE cert.
- For starters ,what is your ISE version , for ISE 3.1 checkout : https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/compatibility_doc/b_ise_sdt_31.html#microsoftwindows . for the rest you will need to provide more details as to which authentication solutions are being used. If , for instance , there is a supplicant , then is it compatible with Windows 11 ? After explaining all of this , a screenshot may also be helpful.
Yes, Windows 11 works with ISE.
You have not provided any information about how you expect Windows to connect to your network:
You have not provided any ISE LiveLog error messages to potentially understand what ISE is seeing - if anything - and possibly why it is being rejected.
You have not provided any Screenshots of the actual Windows error.
Hello, I also have this issue.
We are working with ISE 3.1, the wifi authentification is done via local certificates delivered with Intune CSP. Our windows 11 computer aren't connecting automatically, and also whenever we try to connect to our primary SSID we get the following message (sorry for french) :
Our windows 10 computer are working fine. I've checked the ise live logs, it seems that the Windows 11 computer fall into our "Windows 10 workstation" Endpoint profile
I have tried playing with Regedit to try and disable this function (https://windowsreport.com/wifi-action-needed-windows-10/) but it doesn't seem to work on Windows 11. Are there any ise config requirements know for windows 11 ? Thanks a lot
Yes we have had ESI tech do an exit survey after we installed our new 9k cisco ap's, and we followed their recommandation (a lot of them were indeed regarding our RF profiles.)
Our RF profile looks like this currently (for 2.4 and 5ghz) :
We don't have any channel overlap, our tx power is fine, and our RSSI is -75.
Are there specific RF config requirements for Windows 11 we need to do ? Thanks a lot
No problem, the message says the following :
"Continue connecting? If you expect to find ia-secur in this location, go ahead and connect. Otherwise, it may be a different network with the same name." There is also a pop-up windows message that says "Action required" instead of automatically connecting to our wifi.
Got it, so looks like two profiles for the same SSID are being pushed to the device or the settings in the inTune do not match what security requirements are in place for the SSID (PEAP vs EAP-TLS, computer/user auth, etc.). If you "forget" the network and re-join do you see the same error?