Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2399
Views
6
Helpful
5
Replies

ISE version 3 and AnyConnect NAM user and machine authentication Eap-chain with 2 user login to same machine

ahmed_saleh
Level 1
Level 1

‎02-02-2021 11:04 PM

Hello all

 

i have deployment ISE version 3 and AnyConnect NAM user and machine authentication (Certificate )Eap-chain with 2 user login to same windows Machin 

 

first user able to connect but second user he got no valid certificate how i can solve this issue

0 Helpful
5 Replies 5

Mohammed al Baqari
Level 11
Level 11

‎02-03-2021 03:47 AM

Hi,

Do you have all required certificates in the trusted store for all users? I
am referring to the certificate used for EAP as per your ISE config. Verify
that it exists for the error user.


***** please remember to rate useful posts
0 Helpful

ahmed_saleh
Level 1
Level 1
In response to Mohammed al Baqari

‎02-03-2021 09:37 PM

yes first user when he login in MMC personal certificate certificate is there

but second user he can login but no certificate ,then ISE is blocking all traffic 

i use work around ,changed user Auth EAP-FAST ->Authenticate using a password EAP-MSCHAPV2

 

0 Helpful

Mohammed al Baqari
Level 11
Level 11
In response to ahmed_saleh

‎02-03-2021 10:27 PM

Hi,

Is the certificate imported as machine certificate or user certificate.? It
should be user.

Also, try to reinstall NAM on the user machine as I have seen similar cases
before.

**** please remember to rate useful posts
0 Helpful

hslai
Cisco Employee
Cisco Employee
In response to ahmed_saleh

‎02-06-2021 04:41 PM

Assuming what Mike.Cifelli brought up not an issue for you, I would suggest you to check the event logs for certificate auto-enrollment, if that is what you are using, and ensure to provide connectivity for that. Still, I myself ran into some timing issues and ended up manual invoking the certificate enrollment. 

Mike.Cifelli
VIP Alumni
VIP Alumni

‎02-03-2021 04:02 AM

When you install NAM it restricts logon to a single user.  You should be able to tweak a reg key to allow multiple users to be logged on.  See below:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{B12744B8-5BB7-463a-B85E-BB7627E73002}

To configure single or multiple user logon, add a DWORD named EnforceSingleLogon (this should already be there), and give it a value of 1 or 0.

1 restricts logon to a single user.

0 allows multiple users to be logged on.

 

HTH!

Customers Also Viewed These Support Documents