536 Views · 3 Helpful · 8 Replies

ISE Dot 1x Wired Authentication

Dkiptoo
Level 1

I am still new to this technology. I have Dot1x wired authentication on my local network whereby ISE, I believe, authenticates domain-joined PCs using user certs and root certs from a PKI server. My PC currently cannot be authenticated and therefore cannot be placed on the right VLAN, and after checking, I get an error that the certificate issued to the ISE by the PKI server has expired. How do I go about it? Where do I start to renew the cert?

Accepted Solution

@Dkiptoo is it just a PC that cannot authenticate or all of them? If it's a single PC (rather than all of them), then it's likely that computer's certificate has expired. If it's AD joined and the CA is the Microsoft CA, then that CA will need to issue a new certificate; that should be automatic depending on how your GPOs are configured.

If all computers are failing to authenticate, then it could be the ISE "EAP certificate" has expired; refer to this guide to renew the EAP certificate: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/217191-configuration-guide-to-certificate-renew.html. Just ensure the same CA issues the certificate, then you know the client computers will trust the certificate.
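The accepted solution comes down to one question: has the EAP server certificate ISE presents during 802.1X expired, and on which node? As an added example (not from the thread, not a Cisco tool), the stdlib-only Python below reads a PEM or DER export of that certificate and reports whether it is valid, expiring within a warning window, or already expired; it assumes you export the EAP certificate from each ISE node (the PAN and the secondary in this thread) and run it against each, which would have caught the out-of-sync secondary before clients started failing. The certificate skeleton at the bottom is constructed for the demo and is not a real certificate.

```python
"""Added example: expiry check for an EAP server certificate (such as the one
ISE presents during 802.1X), using only the Python standard library. A minimal
DER walk pulls the two Validity timestamps out of the certificate, so no
third-party X.509 library is needed."""
import base64
import datetime as dt
import re

UTC = dt.timezone.utc


def pem_to_der(text):
    """Strip PEM armour lines and base64-decode the body."""
    body = re.sub(r"-----[^-]+-----", "", text)
    return base64.b64decode("".join(body.split()))


def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _primitives(buf):
    """Yield (tag, value) of every primitive element, descending into SEQUENCE/SET/[n]."""
    pos = 0
    while pos < len(buf):
        tag, value, pos = _read_tlv(buf, pos)
        if tag & 0x20:                      # constructed element: recurse
            yield from _primitives(value)
        else:
            yield tag, value


def _parse_time(tag, value):
    """UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ) -> aware datetime."""
    text = value.decode("ascii")
    if tag == 0x17:                         # UTCTime: two-digit year, 50..99 = 19xx
        yy = int(text[:2])
        text = f"{1900 + yy if yy >= 50 else 2000 + yy}{text[2:]}"
    return dt.datetime.strptime(text[:14], "%Y%m%d%H%M%S").replace(tzinfo=UTC)


def validity(der):
    """(notBefore, notAfter): the first two time values in a certificate are its Validity."""
    times = [_parse_time(t, v) for t, v in _primitives(der) if t in (0x17, 0x18)]
    if len(times) < 2:
        raise ValueError("no Validity field found; is this a DER/PEM certificate?")
    return times[0], times[1]


def check_validity(cert, now=None, warn_days=30):
    """Return (status, days_left); status is 'ok', 'expiring', 'expired' or 'not-yet-valid'."""
    der = pem_to_der(cert) if isinstance(cert, str) else cert
    if now is None:
        now = dt.datetime.now(UTC)
    elif isinstance(now, str):              # "YYYY-MM-DD", for reproducible checks
        now = dt.datetime.strptime(now, "%Y-%m-%d").replace(tzinfo=UTC)
    not_before, not_after = validity(der)
    days_left = (not_after - now).days
    if now < not_before:
        return "not-yet-valid", days_left
    if now >= not_after:
        return "expired", days_left
    if days_left < warn_days:
        return "expiring", days_left
    return "ok", days_left


# --- constructed sample (NOT a real certificate) -----------------------------
def _der(tag, payload):
    """Encode one DER element with a short- or long-form length."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload


def _utctime(when):
    return _der(0x17, when.strftime("%y%m%d%H%M%SZ").encode())


SAMPLE_NOT_BEFORE = dt.datetime(2023, 5, 1, tzinfo=UTC)
SAMPLE_NOT_AFTER = dt.datetime(2024, 5, 1, tzinfo=UTC)
# Same outer shape as Certificate -> tbsCertificate -> [0] version, serial, validity,
# with the remaining fields omitted: just enough structure for the walker.
SAMPLE_DER = _der(0x30, _der(0x30,
    _der(0xA0, _der(0x02, b"\x02"))
    + _der(0x02, b"\x01\x23")
    + _der(0x30, _utctime(SAMPLE_NOT_BEFORE) + _utctime(SAMPLE_NOT_AFTER))))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    status, days = check_validity(SAMPLE_PEM, now="2024-06-01")
    print(f"sample EAP certificate: {status} ({days} days to notAfter)")
```

Run it on a cron schedule against the exported certificate of every node and alert on anything other than `ok`; the warning window is the time you need to get the same CA to issue the renewal so clients keep trusting it.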


8 Replies


Yes it is an AD joined PC. It is only one PC having the issue


Hi Rob, just a follow-up on the same: after accessing the ISE from another client machine, I realized the EAP certificate has expired. My question is, why am I still able to access with another client machine if the root certificate is expired? I expected not to authenticate other client machines. Your input kindly.


@Dkiptoo I would expect the client machine to pop up a warning. Possibly the supplicant (on the computer) is configured not to validate the ISE EAP certificate and so no error/warning is displayed on the computer.

I assume you mean the ISE EAP certificate is expired, not the root certificate that issued the EAP certificate?

Yes, the ISE EAP is the one that expired. I got a pop up on the client machine informing of the expired certificate

@Dkiptoo ok, so you accepted the warning and continued to be authenticated.

Renew the ISE EAP certificate as per the link above; you should no longer have any client-side warnings.

Hi Rob, thank you for your input. I was able to renew the EAP certificate signed by the CA and services resumed as normal. However, I have 2 ISE nodes, PAN and Secondary, and I did it on the PAN. On the secondary it still shows expired. Do I need to repeat the process on the secondary node again to keep them in sync? Currently they are not in sync. Also, during the process, I noticed that despite all other client machines not being able to authenticate due to the expired certificate, there was still one machine that was still on the respective VLAN. Could this be a case where maybe 802.1X is disabled on the specific switchport?

@Dkiptoo you need a certificate on each node, so repeat the process for the Secondary node - you do this from the Primary PAN, just select the other node.

Possibly 802.1X is not enabled on that port, check the switchport configuration and run "show authentication session interface <number> detail".
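The "show authentication session" command in the last reply confirms the live state of one port. As an added example (not from the thread, not a Cisco tool), the Python below does the complementary static check across a whole switch: it parses a running-config excerpt and lists every access port that lacks the 802.1X enforcement commands, `authentication port-control auto` (or `access-session port-control auto` in IBNS 2.0 configs) together with `dot1x pae authenticator`. A port that this audit flags admits a host to its statically configured VLAN without any authentication, which is the behaviour Dkiptoo noticed. The configuration excerpt is constructed for the demo.

```python
"""Added example: audit an IOS running-config excerpt for access ports that
are not enforcing 802.1X. Feed it the output of 'show running-config' from
a switch; the sample below is constructed."""


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from a running-config excerpt."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            sections[current] = []
        elif line.startswith(" ") and current is not None:
            sections[current].append(line.strip())
        else:
            current = None              # '!' or a global command ends the block
    return sections


PORT_CONTROL = ("authentication port-control auto",     # legacy / IBNS 1.0 style
                "access-session port-control auto")     # IBNS 2.0 style
PAE = "dot1x pae authenticator"


def audit_dot1x(config):
    """List (interface, missing commands) for access ports without 802.1X enforcement."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" not in lines:
            continue                    # trunk/uplink ports are out of scope here
        missing = []
        if not any(cmd in lines for cmd in PORT_CONTROL):
            missing.append("port-control auto")
        if PAE not in lines:
            missing.append(PAE)
        if missing:
            findings.append((name, missing))
    return findings


# Constructed sample: one compliant port, one with no 802.1X at all,
# one half-configured port, and a trunk that the audit must ignore.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet1/0/3
 switchport mode access
 authentication port-control auto
!
interface GigabitEthernet1/0/24
 switchport mode trunk
!
"""

if __name__ == "__main__":
    for name, missing in audit_dot1x(SAMPLE_CONFIG):
        print(f"{name}: 802.1X not enforced, missing {', '.join(missing)}")
```

Pair the two views: a port the audit flags explains a host on a VLAN with no session, while a port that passes the audit but shows no session in `show authentication session interface <number> detail` points at the supplicant or the certificate rather than the switch.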