- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-21-2016 12:11 PM
Hi Team,
Customer is asking for a feedback on known problems with Win7 built-in manager to manage wireless Auth (Machine Certificate with user PEAP Auth) the network details below:
Windows 7 without AnyConnect and depend on the Win 7 built-in manager
ISE 2.0
WLC 8.1.131.0
I helped the customer to configure this and we did sleep, hibernate, restart, remove the client from ISE and WLC and all the tests were successful BUT when the customer left the Win7 laptop for a few hours and came back he had to logoff and login again to kick off the machine certificate auth because it didn’t happen automatically. The customer called TAC and TAC told him that is known issue with Windows if the OS try to manage the wireless connection and the TAC recommend to install AnyConnect on all PCs or extending the idle timeout for that specific WLAN from the WLC.
Could you please share your thoughts on this.
Thanks,
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-22-2016 03:11 PM
Yes, AnyConnect's 802.1X module is meant to handle the authentication-after-sleep scenario. Microsoft native supplicants are notorious for these scenarios. If AnyConnect is not an option, I would suggest they search Microsoft's Knowledgebase for things like this and patch appropriately:
Scenario 2
You resume the operating system from sleep or from hibernation. The operating system does not respond to the 802.1X reauthentication requests if the authentication instance has a UI request. Therefore, the authentication attempt fails because of a time-out.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-22-2016 03:11 PM
Yes, AnyConnect's 802.1X module is meant to handle the authentication-after-sleep scenario. Microsoft native supplicants are notorious for these scenarios. If AnyConnect is not an option, I would suggest they search Microsoft's Knowledgebase for things like this and patch appropriately:
Scenario 2
You resume the operating system from sleep or from hibernation. The operating system does not respond to the 802.1X reauthentication requests if the authentication instance has a UI request. Therefore, the authentication attempt fails because of a time-out.
