cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2335
Views
4
Helpful
6
Replies
Beginner

Windows 10 and ISE 2.1.0.474

Hello,

I was wondering if anyone has seen issues with Windows 10 and ISE 2.1.0.474.  We just upgraded ISE Tuesday night and are starting to roll out Windows 10 and am finding those devices cannot connect to wireless.  The error is:

12309 PEAP handshake failed

I found an article that indicates Windows 10 and an older version of ISE had issues:

https://support.microsoft.com/en-us/kb/3121002

If any more information is needed, please let me know. 

Any comments or advice would be appreciated. 

Thanks,

Beth

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Windows 10 and ISE 2.1.0.474

Please engage TAC on this. Why would Windows 10 attempt SSL3_GET_CLIENT_HELLO? Is registry modified on the Windows 10 to enforce older SSL/TLS protocols? Is this not Windows 10 version 1511?

Note that our product and support teams do not support any pre-release or insider builds but I am not aware of any issue in PEAP auth with ISE 2.1.

View solution in original post

6 REPLIES 6
Highlighted
Beginner

Re: Windows 10 and ISE 2.1.0.474

More info:

OpenSSLErrorMessage  SSL alert: code=0x228=552 ; source=local ; type=fatal ; message="handshake failure" 

OpenSSLErrorStack  139992965986048:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1443:

Highlighted
Cisco Employee

Re: Windows 10 and ISE 2.1.0.474

Please engage TAC on this. Why would Windows 10 attempt SSL3_GET_CLIENT_HELLO? Is registry modified on the Windows 10 to enforce older SSL/TLS protocols? Is this not Windows 10 version 1511?

Note that our product and support teams do not support any pre-release or insider builds but I am not aware of any issue in PEAP auth with ISE 2.1.

View solution in original post

Highlighted
Beginner

Re: Windows 10 and ISE 2.1.0.474

Thank you.  It is build 1511.  I have opened a ticket with TAC.  I will try to update this with the solution. 

Highlighted
Beginner

Re: Windows 10 and ISE 2.1.0.474

It looks like the patch for this problem regressed in 2.1.  The engineer I am working with is contacting the developers.  In the meantime, this link provides a work around.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw88770

Highlighted
Beginner

Re: Windows 10 and ISE 2.1.0.474

Thanks for the link and workaround.

Is there any update on your TAC or has this issue been solved by a new release?

Highlighted
Beginner

Re: Windows 10 and ISE 2.1.0.474

We had so many issues with this release, we ended up rolling back.  I need to revisit this at some point...