Solved: renaming workstation breaks authentication

llee1962 · ‎10-22-2020

Hello everyone, we are new to ISE and can't figure something out. We seem to have come across a problem where if we rename a workstation that is connected to our wireless network, it cannot re-connect to the network because it fails authentication. We can't seem to figure it out. We've reimporting all the certificates and even renamed the workstation back to the original name. We're tried rejoining the workstation to the domain. Has anybody else come across this? We're running ISE 2.7.0.356. Here is a message from the log:

Event	5400 Authentication failed
Failure Reason	12519 EAP-TLS failed SSL/TLS handshake because of an unsupported certificate in the client certificate chain

Greg Gibbs · ‎10-25-2020

See a similar post here. There is something in the client certificate chain that ISE does not support.

I'm not sure why this is happening after renaming the workstation, but maybe that's triggering a GPO to enroll a new client cert and the auto-enrollment is using a cert template with something not supported by ISE. You might check the computer certificate before/after the name change, check the client logs, etc.

View solution in original post

Greg Gibbs · ‎10-25-2020

See a similar post here. There is something in the client certificate chain that ISE does not support.

I'm not sure why this is happening after renaming the workstation, but maybe that's triggering a GPO to enroll a new client cert and the auto-enrollment is using a cert template with something not supported by ISE. You might check the computer certificate before/after the name change, check the client logs, etc.