This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
i have deployment ISE version 3 and AnyConnect NAM user and machine authentication (Certificate )Eap-chain with 2 user login to same windows Machin
first user able to connect but second user he got no valid certificate how i can solve this issue
yes first user when he login in MMC personal certificate certificate is there
but second user he can login but no certificate ,then ISE is blocking all traffic
i use work around ,changed user Auth EAP-FAST ->Authenticate using a password EAP-MSCHAPV2
Assuming what Mike.Cifelli brought up not an issue for you, I would suggest you to check the event logs for certificate auto-enrollment, if that is what you are using, and ensure to provide connectivity for that. Still, I myself ran into some timing issues and ended up manual invoking the certificate enrollment.
When you install NAM it restricts logon to a single user. You should be able to tweak a reg key to allow multiple users to be logged on. See below:
To configure single or multiple user logon, add a DWORD named EnforceSingleLogon (this should already be there), and give it a value of 1 or 0.
1 restricts logon to a single user.
0 allows multiple users to be logged on.