After research I know this is possibly a Nokia issue, and there are many discussions on this PEAP issue on Nokia, but I wanted to Check from ISE side if anything can be done: Apple devices, Android & Blackbeerry all connect and authenticate ok, through AP's > WLC (5508) > ISE > ActiveDirectory But Nokia's all get error: 12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate No matter what configuration I try on the handset The certificate in use is from Verisign and as mentioned works on other devices Any idea's what can be done on either Nokia handset or ISE? ISE logs (correct username coming through: ISE logs (with different config on handset, which reuslted in username difference from above):
... View more
Hi, We have the following issues on a wireless network running PEAP, authenticating on Active Directory through ISE 1.1.2: Windows 7 laptops: (using native MS wifi drivers) Inconsistent connection attempts. Issue appears to be with certificate on ISE. If local validation is selected on the laptops, connection is mostly ok (security risk however), but if no validation selected, connection fails (Error is cert ' is not configured as a valid trust anchor') - could the 'Certificate Configuration' in this page be the right course of action: http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bba10d.shtml#topic28 Nokia: The WLC does not appear to receive a valid username (&pass through to ISE) from the handsets and no amount of configuration changes on handset seems to resolve this Apple devices: Connect OK, but when Domain password changed on a laptop on Domain Controllers/AD, the iPhone/Pad wireless authentication continues using old credentials, until a reboot or extended period of time (Email however seems to prompt for new password on Apple devices immediately upon change on DC/AD). Windows XP (using Intel v12 drivers), Blackberry's and Android devices work well without issues. Any suggestions appreciated.
... View more