Have you fixed your issue?
I am facing same issue in client environment, we are not using certificate base auth, using dot1x auth from AD only.
I have fixed this issue. I have just reconfigured windows supplicant for windows 10.
Just uncheck " Enable single sign on for this network" on the supplicant configuration.
You have to disable port security on the switch too, if it is enable.
This is for wired system, what would be the win 10 supplicant setting for wireless dot1x ssid.
It's work very fine for windows 7 without this changes. Ok I understand i will do the modifications and I will back to you.
I have resolved the issue
Firstly I have configured native supplicant profile on cisco ISE.
Secondly, I uncheck "Enable single sign-on for this network" in the supplicant windows configuration. Finally all is work fine now.
I highly recommend that you review the steps and configurations in our ISE Wired Access Deployment Guide . There is a specific section for Configuring Microsoft Windows and Apple OS X Devices for 802.1X