cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

10490
Views
0
Helpful
16
Replies
agipkcoat
Beginner

ISE 2.4 and Win10 issue - 5440 Endpoint abandoned EAP session and started new

We faced with an issue 5440 Endpoint abandoned EAP session and started new

Use case: Corporate users using corporate machine – Dot1x authentication using certificates (User + Machine) EAP-FAST and Posture assessment

 

Network Devices:

Cisco WS-3750X - IOS 15.2(4)E7

Cisco WS-3650 - IOS 16.3.7

 

Deployment details:

ISE 2.4.0.357, Patch 1,2,3,4,5

AnyConnect module v.4.7.00136

Windows 7, 10.

 

Use case works perfect with 3650 switch IOS 16.3.7 on Win7 and Win10.

But if we trying to use 3750X with IOS 15.2(4)E7, we have a problems only with Win10 while Win7 works correctly. 

 

 

16 REPLIES 16
agipkcoat
Beginner

While troubleshooting we mentioned that use case AnyConnect NAM: EAP-FAST(User and machine using EAP-MSCHAPv2) works fine.
But if we trying to configure Win10 supplicant to use EAP-TLS, so in this case authorization fails. Native supplicant also works fine with certs.
After reviewing DART file, we mentioned, that endpoint sends an error message: internal error 204 contact software manufacturer.
Does anyone have faced with the same issue?

Content for Community-Ad