cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

5010
Views
0
Helpful
3
Replies
skc455
Beginner

Explicit Eap failure received, EAP Error: 0x80420014

Hello, need some inputs on how to solve this issue. We currently have ise 2.6 implementing wireless 802.1x using windows supplicant. Currently performing peap using certificates. Auto enrolled certs to be issued to user and computer via gpo and on supplicant we are using user or machine authentication. Here is the issue: My laptop has my user and machine cert already installed so I can see both machine auth user auth happening on ISE, but when another user tries to login to my laptop it disconnects from wifi not allowing the user to get his certificate. I see no authc failures in ise but in wlan-autoconfig  logs in supplicant I see: 

Identity: NULL
User: abc
Domain: xyz
Reason: Explicit Eap failure received
Error: 0x80420014
EAP Reason: 0x80420100
EAP Root cause String: Network authentication failed\nThe user certificate required for the network can't be found on this computer.

EAP Error: 0x80420014

 Its like a chicken or egg situation, without cert user cant get access to corp wifi network, in order to get cert user needs access to corp wifi. How can this issue be resolved?

3 REPLIES 3
thomas
Cisco Employee

How did you get your user certificate installed on the PC originally?

Was it manually installed or did you allow non-certificate authentication (EAP-MSCHAPv2) to then provision it with limited access?

It was installed via GPO by connecting to wired network.


thomas
Cisco Employee

Then allow your users limited access when authenticating via username/password to get on the network and connected to the AD domain controller to get the necessary Group Policy Objects (GPOs) pushed including a user certificate so they can re-connect with a user cert with full access.

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube