I am currently in the process of rolling out Dot1x in a small classified network. The network has the following:
(12) Windows 10 Machines using native supplicant software
(1) Cisco C9300 acting as the authenticator
(1) Cisco ISE acting as the authentication Server using AD for credentials
I configured certificate auto-enrollment for machines and users in the AD and it is working fine; all machines as well as users are able to get their certificate to authenticate with EAP-TLS. Everything was working fine until I had to switch around 3 machines to different switchports. Out of the 3 machines that I switched around, only 1 can still authenticate. The other two no longer can.
I am thinking this might have something to do with the MAC address-table, DHCP or something like that. Has anyone had this issue before? Any help will be appreciated!
That issue is most often due to supplicant configuration issues. It can be difficult to troubleshoot due to there being so many potential variables on endpoint configurations. I'd start with verifying the various settings under the supplicant configuration (security tab of the network adapter properties). You didn't mention how you pushed out the configurations - was it via GPO, or did you set them manually?
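
One way to verify the supplicant settings across machines, as an added example that is not part of the thread: export the wired profile on the machine that still authenticates and on one that does not (`netsh lan export profile folder=<dir>`), then diff the 802.1X fields. The XML here is a constructed, trimmed sample; the element names, `sample_profile` and the server name `ise.example.test` are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Settings worth comparing; element names assumed from the exported profile layout.
FIELDS = ("OneXEnabled", "OneXEnforced", "authMode", "Type", "ServerNames")

def sample_profile(auth_mode, eap_type, enforced="false"):
    """Constructed, trimmed stand-in for a `netsh lan export profile` file."""
    return f"""<LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1">
 <MSM><security>
  <OneXEnforced>{enforced}</OneXEnforced>
  <OneXEnabled>true</OneXEnabled>
  <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
   <authMode>{auth_mode}</authMode>
   <EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
    <EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">{eap_type}</Type></EapMethod>
    <Config><ServerNames>ise.example.test</ServerNames></Config>
   </EapHostConfig></EAPConfig>
  </OneX>
 </security></MSM>
</LANProfile>"""

def summarize(profile_xml):
    """Return the first value of each field, ignoring XML namespaces."""
    found = {}
    for el in ET.fromstring(profile_xml).iter():
        name = el.tag.rsplit("}", 1)[-1]  # strip the "{namespace}" prefix
        if name in FIELDS and name not in found:
            found[name] = (el.text or "").strip()
    return found

def diff_profiles(reference_xml, candidate_xml):
    """Map each differing field to (reference value, candidate value)."""
    ref, cand = summarize(reference_xml), summarize(candidate_xml)
    return {f: (ref.get(f), cand.get(f)) for f in FIELDS if ref.get(f) != cand.get(f)}

if __name__ == "__main__":
    working = sample_profile("machineOrUser", "13")  # 13 = EAP-TLS
    failing = sample_profile("user", "25")           # 25 = PEAP
    for field, (ref, cand) in diff_profiles(working, failing).items():
        print(f"{field}: working={ref!r} failing={cand!r}")
```

With real exports, read each file in binary mode and pass the bytes to `diff_profiles`; an empty result means the compared fields match on both machines.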