AP > WLC > ISE > AD

milesmet · ‎12-20-2012

Hi,

We have the following issues on a wireless network running PEAP, authenticating on Active Directory through ISE 1.1.2:

Windows 7 laptops: (using native MS wifi drivers) Inconsistent connection attempts. Issue appears to be with certificate on ISE. If local validation is selected on the laptops, connection is mostly ok (security risk however), but if no validation selected, connection fails (Error is cert ' is not configured as a valid trust anchor') - could the 'Certificate Configuration' in this page be the right course of action:

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bba10d.shtml#topic28

Nokia: The WLC does not appear to receive a valid username (&pass through to ISE) from the handsets and no amount of configuration changes on handset seems to resolve this

Apple devices: Connect OK, but when Domain password changed on a laptop on Domain Controllers/AD, the iPhone/Pad wireless authentication continues using old credentials, until a reboot or extended period of time (Email however seems to prompt for new password on Apple devices immediately upon change on DC/AD).

Windows XP (using Intel v12 drivers), Blackberry's and Android devices work well without issues.

Any suggestions appreciated.

George Stefanick · ‎12-20-2012

On your first question. Are you vaildating the certifciate on the client ? If you are, the cert needs to be in the root store of the client to vaildate.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________