07-30-2020 08:34 AM - edited 07-30-2020 08:58 AM
Hi guys
I have a big problem in my environment.
I installed Cisco ISE 2.7 and upgraded to patch 2.
My scenario is PEAP-TLS. Our clients are not domain-joined, so users log in locally (Windows 10).
We have a Windows certificate server that generates certificates for users, and each user installed it in their certificate store.
Other methods such as PEAP-MSCHAPv2 and EAP-FAST work, but PEAP-TLS and EAP-TLS don't work.
After configuring the Windows native supplicant for user authentication, we get this error in ISE:
07-30-2020 05:02 PM
It sounds like you're trying to use a certificate for 802.1x on a client that either does not have the correct certificate requirements or for which the client does not have the private key. The supplicant (native or AnyConnect NAM) will not present a certificate for 802.1x if that certificate does not meet the requirements or the client does not have the private key.
See the following link for some info on minimum certificate requirements:
Certificate requirements when you use EAP-TLS or PEAP with EAP-TLS
07-31-2020 03:08 AM - edited 07-31-2020 03:11 AM
I met all the requirements, but I get the error below:
5440 Endpoint abandoned EAP session and started new
After almost 2 minutes I get the error below:
12942 Supplicant stopped responding to ISE during conducting inner EAP-TLS method
My user has a client authentication purpose certificate and ISE has a server authentication purpose certificate.
I have a user with the name ise and the certificate below (Attachments).
The Windows Event Viewer error is attached.