Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2867
Views
15
Helpful
2
Replies

Windows machine is unable to pass Wireless 802.1x authentication

Go to solution
jumperdub
Level 1
Level 1

‎09-27-2019 12:15 AM

Hi there,

 

I have just deployed wireless 802.1x and found some issues on windows machine only. All windows machine is in the domain.

But this issues has occured on some device. Not all of them.

 

I'm not sure that the issues happend because the "Use my window user account" option was checked when connect to the WiFi. That's why the window machine send username credential to ISE as "USERNAME" instead of the actual username.

 

Now I have resolved the problem by forget the network on client device and reconnect around 2-5 times.

 

Anyway, I want to know the root cause of this one.

 

filtered only authen failedfiltered only authen failedScreenshot (138).pngScreenshot (139).pngScreenshot (140).pngScreenshot (141).png

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Colby LeMaire
VIP Alumni
VIP Alumni

‎09-27-2019 08:16 AM

To me it looks like those machines just didn't receive the full GPO with the ISE certificate and protocol settings for 802.1x.  You see USERNAME instead of the real username because the client hasn't sent the identity information yet.  Mainly because it either rejected ISE's certificate or was trying to use a protocol that ISE wasn't allowing.  Try connecting the machines to the wired network or another SSID that doesn't require 802.1x to give it time to download the GPOs properly.

View solution in original post

2 Replies 2

Go to solution
Colby LeMaire
VIP Alumni
VIP Alumni

‎09-27-2019 08:16 AM

To me it looks like those machines just didn't receive the full GPO with the ISE certificate and protocol settings for 802.1x.  You see USERNAME instead of the real username because the client hasn't sent the identity information yet.  Mainly because it either rejected ISE's certificate or was trying to use a protocol that ISE wasn't allowing.  Try connecting the machines to the wired network or another SSID that doesn't require 802.1x to give it time to download the GPOs properly.

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎09-27-2019 08:25 AM

First glimpse at your radius detailed logs:
-Ensure that your supplicant is configured to support the EAP protocols you are attempting to use. Ensure that your ISE allowed protocols profile used in your policy allows the expected protocols.
-As mentioned by @Colby LeMaire if using native supplicant ensure you have proper GPOs setup for configuration, etc.

-If using NAM you need to make sure that your NAM profile was properly configured to support your respective protocols.

In my experiences those logs typically mean the supplicant is not configured properly.  Good luck & HTH!

Customers Also Viewed These Support Documents