12-19-2022 11:42 PM
Hi All,
We are facing an issue authenticating Windows 11 with Cisco ISE 3.1 using EAP-TLS. The same issue occurred in ISE 2.6. We then upgraded, but the issue was not fixed. No AnyConnect or posture modules are in use. We are trying simple EAP-TLS authentication. The root and intermediate certificates are available on the Windows 11 machine. When the machine tries to connect, an "Action Required" message pops up in Windows to sign in, but the sign-in fails too. Surprisingly, the same Windows 11 machines' EAP-TLS authentication works fine with Aruba ClearPass but fails in Cisco ISE. Cisco TAC has advised us to open a case with Microsoft too. Windows 10 machines are working fine, but when we connect a Windows 11 machine we get the error given below:
Event | 5400 Authentication failed |
Failure Reason | 12511 Unexpectedly received TLS alert message; treating as a rejection by the client |
Resolution | Ensure that the ISE server certificate is trusted by the client, by configuring the supplicant with the CA certificate that signed the ISE server certificate. It is strongly recommended to not disable the server certificate validation on the client! |
Root cause | While trying to negotiate a TLS handshake with the client, ISE received an unexpected TLS alert message. This might be due to the supplicant not trusting the ISE server certificate for some reason. ISE treated the unexpected message as a sign that the client rejected the tunnel establishment. |
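
The failure text quoted above does not say which TLS alert the client sent. As an added example (not part of the original post and not Cisco or Microsoft code), this sketch decodes the alert from an EAP-Response taken from a packet capture; the function names and the sample bytes are constructed for illustration, and it assumes an unfragmented EAP-TLS packet.

```python
import struct

# Alert descriptions from RFC 5246 / RFC 8446; the hints are this example's wording.
ALERTS = {
    40: ("handshake_failure", "no acceptable parameters (version, cipher suite)"),
    42: ("bad_certificate", "server certificate failed validation"),
    43: ("unsupported_certificate", "certificate type or usage not accepted"),
    44: ("certificate_revoked", "server certificate is revoked"),
    45: ("certificate_expired", "server certificate outside validity period"),
    46: ("certificate_unknown", "unspecified certificate problem"),
    48: ("unknown_ca", "issuing CA chain not trusted by the client"),
    49: ("access_denied", "certificate valid but policy refused it"),
    70: ("protocol_version", "TLS version offered is not accepted"),
}
LEVELS = {1: "warning", 2: "fatal"}
EAP_TYPE_TLS, FLAG_LENGTH_INCLUDED = 13, 0x80

def eap_tls_payload(eap: bytes) -> bytes:
    """Strip the EAP and EAP-TLS headers (RFC 5216) and return the TLS data."""
    code, ident, length, eap_type, flags = struct.unpack_from("!BBHBB", eap)
    if eap_type != EAP_TYPE_TLS or length > len(eap):
        raise ValueError("not a complete EAP-TLS packet")
    # A 4-byte TLS Message Length field follows the flags when the L bit is set.
    start = 10 if flags & FLAG_LENGTH_INCLUDED else 6
    return eap[start:length]

def parse_tls_alerts(tls: bytes):
    """Return (level, name, hint) for every alert record in a TLS byte stream."""
    found, pos = [], 0
    while pos + 5 <= len(tls):
        ctype, _version, rec_len = struct.unpack_from("!BHH", tls, pos)
        body = tls[pos + 5:pos + 5 + rec_len]
        if len(body) != rec_len:
            raise ValueError("truncated TLS record")
        if ctype == 21 and rec_len == 2:  # plaintext alert: level, description
            name, hint = ALERTS.get(body[1], (f"alert_{body[1]}", "see IANA TLS alert registry"))
            found.append((LEVELS.get(body[0], "unknown"), name, hint))
        elif ctype == 21:  # a longer body means the alert is encrypted
            found.append(("unknown", "encrypted_alert", "cannot be read from the capture"))
        pos += 5 + rec_len
    return found

# Constructed sample: EAP-Response (type 13, L flag set) carrying a fatal unknown_ca alert.
SAMPLE = bytes.fromhex("020500110d8000000007" "15030300020230")

if __name__ == "__main__":
    for level, name, hint in parse_tls_alerts(eap_tls_payload(SAMPLE)):
        print(f"{level} {name}: {hint}")
```
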