Hello Dears, 

  I have a little bit weird issue never faced it before, for the sake of testing for a client & to stay out of production impact, in addition to client confidentiality i had to simulate his environment base configuration to start Tshooting on my own, However, I have ISE 3.1 VM installed on ESXi & 2 Windows Machine ( 1 Virtual win 10 & the other physical Win 11) with also physical cisco catalyst 3750. I have configured EAP CHAINING with username/Password & works perfectly (User & machine both authenticated) 

The Ghost problem is when i use ce

rtificate to authenticate machine & user or even machine only. After i configure everything which i will mention later in this post & attach screenshots & machine boot the ISE application server restarts (happened also with ver. 3.0). Again, this only happens only when i use certificate for authenticating.. My configuration is :

1- AD act as AD & CA .

2- ROOT CA imported into ISE (Once i tried with download CA Certificate & with another ISE brand new VM with Download Certificate chain & import it).

3- CSR generated & signed from CA & imported to ISE & selected  Admin, EAP Authentication, RADIUS DTLS & Portal.

4- User & machine enrolled certificate successfully from CA with SAN.

5- Certificate Authentication Profile created successfully with:

  - Once i tried with Certificate Attribute Common Name.

  - Another time i tried with Any Subject or Alternative Name Attributes in the Certificate (for Active Directory Only).

6 Allowed protocol i created for EAP CHANING as attached. I tried everything literally.

7 - Created Auth policy with Network Access·EapAuthentication EQUALS EAP-TLS & Dot1x separately. 

8- I didn't create Authoz policy because the authentication doesn't occur at the first place, so i leave it default permit access. 

With all what i mentioned above the application server restarts with each machine restart or try to authenticate, in addition switch loses communication to ISE server. 

Thanks