10-01-2020 04:30 AM
Hello
I have implemented some policies on Cisco ISE but it is using default policies instead of the ones I configured.
Can I please get help on it?
I have attached the image below.
10-02-2020 05:03 AM
The first PC I was troubleshooting is called Ian. After enabling the disclose invalid username option, it displayed the name Ian when connecting, along with the details, as in the screenshot below.
But for the PC that's part of the domain, it is displaying as anonymous, and when connected to the same port 10 on the switch it is bringing up the AnyConnect pop-up.
10-05-2020 02:08 AM
OK, I realized where the issue is. I haven't done the certificate part yet and I'm facing issues binding the certificate signing requests.
10-05-2020 01:59 AM
Hello Rob,
I tried connecting the PC that's part of the domain but I keep getting this error when trying to connect.
Overview
Event 5434 Endpoint conducted several failed authentications of the same scenario
Username anonymous
Endpoint Id E8:D8:D1:40:35:DD
Endpoint Profile
Authentication Policy Wired
Authorization Policy Wired
Authorization Result
Authentication Details
Source Timestamp 2020-10-05 08:46:16.186
Received Timestamp 2020-10-05 08:46:16.186
Policy Server TCRA-ISE-PAN
Event 5434 Endpoint conducted several failed authentications of the same scenario
Failure Reason 12153 EAP-FAST failed SSL/TLS handshake because the client rejected the ISE local-certificate
Resolution Check whether the proper server certificate is installed and configured for EAP in the Local Certificates page ( Administration > System > Certificates > Local Certificates ). Also ensure that the certificate authority that signed this server certificate is correctly installed in client's supplicant. Check the previous steps in the log for this EAP-TLS conversation for a message indicating why the handshake failed. Check the OpenSSLErrorMessage and OpenSSLErrorStack for more information.
Root cause EAP-FAST failed SSL/TLS handshake because the client rejected the ISE local-certificate
Username anonymous
Endpoint Id E8:D8:D1:40:35:DD
Audit Session Id 0AC8D0640000002514D361EB
Authentication Method dot1x
Authentication Protocol EAP-FAST
Service Type Framed
Network Device Test
Device Type All Device Types#Wired
Location All Locations#TCRA-HQ
NAS IPv4 Address 10.200.208.100
NAS Port Id GigabitEthernet1/0/10
NAS Port Type Ethernet
Other Attributes
ConfigVersionId 128
Device Port 1645
DestinationPort 1812
RadiusPacketType AccessRequest
UserName anonymous
Protocol Radius
NAS-IP-Address 10.200.208.100
NAS-Port 50110
Framed-MTU 1500
State 37CPMSessionID=0AC8D0640000002514D361EB;39SessionID=TCRA-ISE-PAN/390237529/100194;
IsEndpointInRejectMode false
NetworkDeviceProfileName Cisco
NetworkDeviceProfileId b0699505-3150-4215-a80e-6753d45bf56c
IsThirdPartyDeviceFlow false
RadiusFlowType Wired802_1x
SSID 3C-41-0E-F2-25-0A
AcsSessionID TCRA-ISE-PAN/390237529/100194
OpenSSLErrorMessage SSL alert: code=0x230=560 ; source=remote ; type=fatal ; message="unknown CA.s3_pkt.c:1498 error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca [error=336151576 lib=20 func=148 reason=1048]"
OpenSSLErrorStack 2695:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1498:SSL alert number 48
CPMSessionID 0AC8D0640000002514D361EB
EndPointMACAddress E8-D8-D1-40-35-DD
EapChainingResult No chaining
ISEPolicySetName Wired
StepData 4= DEVICE.Device Type
StepData 5= Normalised Radius.RadiusFlowType
DTLSSupport Unknown
Network Device Profile Cisco
Location Location#All Locations#TCRA-HQ
Device Type Device Type#All Device Types#Wired
IPSEC IPSEC#Is IPSEC Device#No
Called-Station-ID 3C:41:0E:F2:25:0A
CiscoAVPair service-type=Framed
audit-session-id 0AC8D0640000002514D361EB
method dot1x
Result
RadiusPacketType AccessReject
Session Events
Steps
11001 Received RADIUS Access-Request
11017 RADIUS created a new session
15049 Evaluating Policy Group
15008 Evaluating Service Selection Policy
15048 Queried PIP
15048 Queried PIP
11507 Extracted EAP-Response/Identity
12500 Prepared EAP-Request proposing EAP-TLS with challenge
12625 Valid EAP-Key-Name attribute received
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12101 Extracted EAP-Response/NAK requesting to use EAP-FAST instead
12100 Prepared EAP-Request proposing EAP-FAST with challenge
12625 Valid EAP-Key-Name attribute received
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12102 Extracted EAP-Response containing EAP-FAST challenge-response and accepting EAP-FAST as negotiated
12800 Extracted first TLS record; TLS handshake started
12805 Extracted TLS ClientHello message
12806 Prepared TLS ServerHello message
12807 Prepared TLS Certificate message
12808 Prepared TLS ServerKeyExchange message
12810 Prepared TLS ServerDone message
12811 Extracted TLS Certificate message containing client certificate
12105 Prepared EAP-Request with another EAP-FAST challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12104 Extracted EAP-Response containing EAP-FAST challenge-response
12105 Prepared EAP-Request with another EAP-FAST challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12104 Extracted EAP-Response containing EAP-FAST challenge-response
12105 Prepared EAP-Request with another EAP-FAST challenge
11006 Returned RADIUS Access-Challenge
11001 Received RADIUS Access-Request
11018 RADIUS is re-using an existing session
12104 Extracted EAP-Response containing EAP-FAST challenge-response
12815 Extracted TLS Alert message
12153 EAP-FAST failed SSL/TLS handshake because the client rejected the ISE local-certificate
61025 Open secure connection with TLS peer
11504 Prepared EAP-Failure
11003 Returned RADIUS Access-Reject
5434 Endpoint conducted several failed authentications of the same scenario
10-05-2020 02:06 AM
Like I said before "Does the client computer trust the certificate presented by ISE?"
From your output:
Failure Reason 12153 EAP-FAST failed SSL/TLS handshake because the client rejected the ISE local-certificate
Resolution Check whether the proper server certificate is installed and configured for EAP in the Local Certificates page ( Administration > System > Certificates > Local Certificates ).
10-05-2020 02:17 AM - edited 10-05-2020 02:18 AM
I have not configured the certificates as it gives me this error. I did not realize it would have this impact, and that is probably why the client computer does not receive the certificate to accept in the first place.
10-01-2020 06:43 AM - edited 10-01-2020 07:09 AM
So if the PC is not part of the domain then it is using Wired MAB, if it hits the default policy, it should just match "Basic_Authenticated_Access" authorisation rule without you having to add the MAC address to the Endpoint database.
Have you modified the default policies?
The username is hidden, select the disclose invalid username option as per screenshot below.
02-04-2025 04:38 PM
12934 Supplicant stopped responding to ISE during PEAP Tunnel Establishment
This error message is simply because your Trusted Certificates do not contain the root certificate of the client certificate. ISE's Trusted Certificates should contain the Trusted Certificates on the client. It is used to create SSL. The client couldn't get to the authentication stage because the SSL tunnel could not be created, because one side is missing the proper certificate.
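The two readings above (the supplicant rejecting ISE's certificate, or ISE rejecting the client's) can be told apart from the live-log output itself. The decoder below is an added example, not code from the thread or from Cisco: it splits the `code=0x230` field of the OpenSSLErrorMessage into TLS alert level and description (RFC 5246 values), reads the `source=` field to see which side sent the alert, and combines that with the step codes. The message and step excerpt are constructed to match the shapes posted above.

```python
import re

# TLS alert descriptions that point at certificate problems (RFC 5246 section 7.2.2).
TLS_ALERT_DESCRIPTIONS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 49: "access_denied", 70: "protocol_version",
}
TLS_ALERT_LEVELS = {1: "warning", 2: "fatal"}

# Constructed sample input, modelled on the OpenSSLErrorMessage attribute in the thread.
SAMPLE_OPENSSL_MESSAGE = (
    'SSL alert: code=0x230=560 ; source=remote ; type=fatal ; '
    'message="unknown CA.s3_pkt.c:1498 error:14094418:SSL routines:ssl3_read_bytes:'
    'tlsv1 alert unknown ca [error=336151576 lib=20 func=148 reason=1048]"'
)
# Constructed excerpt of the live-log step list (the same step codes appear in the thread).
SAMPLE_STEPS = """12805 Extracted TLS ClientHello message
12807 Prepared TLS Certificate message
12815 Extracted TLS Alert message
12153 EAP-FAST failed SSL/TLS handshake because the client rejected the ISE local-certificate
11003 Returned RADIUS Access-Reject"""

def decode_alert(openssl_message):
    """Split the code=0x... field: the high byte is the alert level, the low byte the description."""
    m = re.search(r"code=0x([0-9a-fA-F]+)", openssl_message)
    if not m:
        return None
    code = int(m.group(1), 16)
    src = re.search(r"source=(\w+)", openssl_message)
    return {
        "level": TLS_ALERT_LEVELS.get(code >> 8, "unknown"),
        "description": TLS_ALERT_DESCRIPTIONS.get(code & 0xFF, "unknown"),
        # "remote": the peer (the supplicant) sent the alert, so it rejected ISE's certificate.
        # "local": ISE itself raised the alert, e.g. while checking the client's certificate.
        "sent_by_supplicant": bool(src) and src.group(1) == "remote",
    }

def diagnose(steps_text, openssl_message):
    """Combine the step codes with the decoded alert to say which trust store needs fixing."""
    codes = {int(line.split()[0]) for line in steps_text.splitlines() if line.strip()}
    alert = decode_alert(openssl_message)
    if 12815 not in codes or alert is None:
        return "no TLS alert in this attempt"
    if alert["sent_by_supplicant"] and alert["description"] == "unknown_ca" and 12807 in codes:
        return ("supplicant rejected the ISE EAP certificate: install the CA that signed it "
                "in the client's trust store, or bind a certificate from a CA the clients trust")
    if alert["sent_by_supplicant"] and alert["description"] == "certificate_expired":
        return "supplicant rejected an expired ISE EAP certificate: renew it"
    if not alert["sent_by_supplicant"]:
        return "ISE rejected the client certificate: check its CA is in ISE Trusted Certificates"
    return f"TLS {alert['level']} alert {alert['description']} during EAP tunnel setup"
```

For the output posted in this thread, 0x230 decodes to level 2 (fatal) and description 48 (unknown_ca) sent by the remote side, which matches the 12153 failure reason rather than a missing CA in ISE's own trust store.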
02-04-2025 07:41 PM
@jonkimsr after 4+ years I hope the original poster got it figured out.