Showing results for 
Search instead for 
Did you mean: 

Cisco ISE: 802.1x [EAP-TLS] + List of Applicable Hot-Fixes

Dear Folks,

Kindly suggest the list of all possible Hot-Fixes required for the Cisco ISE EAP-TLS solution... We have applied 9 HotFixes so far. But, still the connectivity is intermittent. Is there any list for all applicable Hot-Fixes?

OS = Win 7 SP1 (32/64 Bit) and Win 8



Mubasher Sultan


Cisco ISE: 802.1x [EAP-TLS] + List of Applicable Hot-Fixes

Hi Mubasher

  1. KB2481614:      If you’re configuring your 802.1x settings via Group Policy you’ll see      sometimes EAP-PEAP request from clients in your radius server log during      booting even if you’ll set EAP-TLS. This error happened in our case with      1/3 of the boots with some models. The error is caused by a timing problem      during startup. Sometimes the 802.1x is faster and sometimes the Group      Policy is, and if the 802.1x is faster than the default configuration is      taken, which is PEAP. Which lead to a EAP-NAK by the radius server.
  2. KB980295:      If an initial 802.1x authentication is passed, but a re-authentication      fails, Windows 7 will ignore all later 802.1x requests. This hotfix should      also fix a problem with computers waking up from sleep or hibernation –      but we’ve disabled these features so I can’t comment on them.
  3. KB976373:      This hotfix is called “A computer that is connected to an IEEE      802.1x-authenticated network via another 802.1x enabled device does not      connect to the correct network”. I can’t comment on this, as we’ve not      deployed 802.1x for our VoIP phones at this point.I would guess it is the      same for Windows 7 too. The linked article tells you to install the patch      and set some registry key to lower the value.
  4. KB2769121:      A short time ago I found this one: “802.1X authentication fails on a      Windows 7-based or Windows 2008 R2-based computer that has multiple      certificates”. At time of writing I’m not sure if it helps for something      in my setup. According to the symptoms list of the hotfix, it does not,      but maybe it helps for something else, as the one before does.
  5. KB2736878:      An other error during booting – this time it happens if the read process      starts before the network adapter is initialized. Really seems that they      wanted to get faster boot times, no matter the costs.
  6. KB2494172:      This hotfix fixes a problem if you’ve installed a valid and invalid      certificate for 802.1x authentication. The workaround is just deleting the      invalid certificate. I’m not sure at this point if it affects also wired      authentication.
  7. KB976210:This      problem occurs only during automated build processes and if you use an EAP      method which needs user interaction – as I don’t do that I can’t comment      on this hotfix.

For more information please go through this link:

Best Regards:

Muhammad Munir


Cisco ISE: 802.1x [EAP-TLS] + List of Applicable Hot-Fixes

Thanks Munir...  I have already applied all except the last one (but it is not needed in my enviroment, as discussed with my system team)

Here is my list too!

1-      Kb 980295:

2-      Kb 976373:

3-      Kb 2710995:

4-      Kb 2736878:

5-      Kb 2769121:

6-      Kb 2481614:

7-      Kb 2494172:

8-      Kb 2491809:

9-      Kb 2835595:

Also, the suggested ( one can be replaced for Windows 7 as below;

What my expection is that is there any list from Cisco which are recommeded during the ISE (EAP-TLS) deployment...

Thanks for the feedback but looking for more !!!


Hello Muhammad,Would you

Hello Muhammad,

Would you recommend this hotfixes for use with Anyconnect NAM?


Best Regards.