hello to all,
does anyone have tested a windows 11 machine with ISE?
I'm testing windows 11 and it does not authenticate automatically.
I have to login to the session and then windows 11 prompt me with the message "action required" and then takes me to the network do manually sign in to the network.
On windows 10 it works perfectly.
Solved! Go to Solution.
I too have the issue with Windows 11 where it prompts with "Action needed" and "You'll need to sign in or take other action go get full network access." except via wired (wireless works just fine). Running ISE 3.1 with the latest patch. On the switch port authentication display it sits at 'dot1x = running' and will run well beyond the dot1x timer setting. Like what was mentioned before, it looks like it is working on authenticating with the 'endpoint abandoned EAP session and started new' but will not continue until I "Sign in" to the network in Windows. I've verified our domain root CA's certificate is listed under the Trusted Root Certification Authorities and yet it seems like Windows does not trust the network.
We opened up a ticket with Microsoft but at this point they've been useless and give no effort in responding in less than a week's time with each email.
We want to start deploying Windows 11 but this is holding it up.
Any help would be appreciated!
I worked for a company that did eap-tls wired and wireless authentication. We had the described issue for Windows 11 wired authentication , worked perfectly in Windows 10 and I THINK with wireless. In our specific instance in Windows 10 we did not mark a "Trusted Root Certificate Authorities:" server in the machine's dot1x settings. When testing Windows 11, we found that simply selecting the CA that you specifically want to trust resolved the issue. Additionally, if you select the box "Connect to these servers", I have heard reports that in Windows 11 that becomes case sensitive. So it that doesn't exactly match, with case, you will get the same popup. A google search of this "Always On VPN Error 853 on Windows 11" will take you to a nice writeup describing the issue.
To be clear our working config was verify the server's identity by validating the certificate. NOT selecting Connect to these servers. Select the trusted root cert authority for your ISE cert.