Windows 10 device can't authenticate with ISE2.2

Hello,

I am deploying ISE 2.2, and I have a problem with Windows 10 PCs. 802.1x authentication failed. I have made some changes in the PC's registry: I have added TLS 1.2 in the registry, but it still remains the same. I have no problem with Windows 7 and 8.

Can you help me to solve this issue?

 

Best Regards,

 

Aristid

 

 

Arne Bier
VIP

Hi Astrid

 

Can you share the ISE authentication results on this forum so that we can see what happened?  There is no reason why Win10 should not work.  

And what registry settings did you change and why?

There is probably a TLS negotiation issue.

regards

Arne

Hello Arne,

Thank you for your reply. I changed the TlsVersion in the registry settings because the Windows 10 PC does not respond to 802.1x authentication. It seems like there was no device.

After changing the TlsVersion, it seems like the NAC agent failed to communicate with the ISE server.

 

Best regards,

 

Aristide AKAFFOU

Are you doing user authentication only with the Windows native supplicant or machine plus user (EAP chaining) with AnyConnect NAM?

Hello,

I am doing user authentication only with the Windows native supplicant.

 

Best Regards,

 

Aristide AKAFFOU

 

Then like Arne suggested, a look at the RADIUS live log detail for a failed authentication should either tell us exactly what the problem is or tell us where to probe a bit deeper.

 

Are you able to share an example?

Hello,

When I ran the command "show authentication session interface gigabitethernet x/x/x", it tells me that RADIUS authentication is stopped and the PC uses MAB.

In the ISE server the message says "Clients stopped Responding" and the failure reason is "12937 Supplicant stopped responding to ISE after sending it in the first inner EAP-MSCHAPv2 message"

"12940 Supplicant stopped responding to ISE during conducting inner EAP-MSCHAPv2 method"

 

Best Regards,

 

Aristide AKAFFOU

I'm thinking if it moved on to the inner method that the outer method which uses TLS is OK. It sounds like one of the other settings in your native supplicant. If checking and comparing those with a working non-Windows 10 supplicant didn't work, I would troubleshoot by grabbing a packet capture during the failure and looking at what's going on at the protocol level.

 

Or you could just open a TAC case. 

Bernard Lara
Level 1

Hi Aristid,

 

Were you able to get a fix for this? I just ran into the same issue today.

We have ISE 2.3, and I checked: Cisco ISE 2.3 supports TLS versions 1.0, 1.1, and 1.2.

 

Regards,

bernard

I suggest you move to ISE 2.4. Based on my understanding, version 2.3 is a buggy one and has been deferred.

We have never deferred a release. However, ISE 2.2 was and now 2.4 is the recommended long-term release.

https://community.cisco.com/t5/security-blogs/announcing-the-quot-suggested-release-quot-status-of-ise-2-4/ba-p/3775587