WIN10 can't connect to 802.1X wireless

Uncle ZZL · ‎03-18-2025

Hi !

In my company ,some pc can't not connect to 802.1X WIFI 。The ISE log is shown that the username is "USERNAME", it is wrong，because i enter the username on the pc is "guest" . And also "12321 peap failed.....", just like the screenshot.

捕2233获.PNG

And I check the PC events , the identity is also wrong, the correct name is "guest" . The "Reason text" means

"Failed to receive the EAP" . The "EapRootCauseString" means

"Network authentication failed due to user account problems".

Most computers have had this problem, and there is randomness. I tried to solve it by the following method:

1. Modify PC regedit , create TlsVerion Dword key and the value is C00.

2. Add the SSID manually and ignore the cerificate

Sometime it work but sometimes not. And Sometimes the PC can connect successful an hour later or longer ,

I didn't do anything, but the event was resolved.

The ISE version is 3.1 , The WLC version is 17.09.04a - SMU-PATCHED.

How can i resolve this problem ?

Thank you all !

marce1000 · ‎03-18-2025

- FYI : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCty36936

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Uncle ZZL · ‎03-19-2025

Hello, i had did it , i disable the option "Validate server certificate" ,but it not work.

klnnnnng · ‎03-19-2025

It is recommended to implement certificate validation when using PEAP. If you don't want to use it for some reason you can try ignoring the certificate as you already did. I would check the wireless profile configuration again -> "User and Computer authentication" under the Security/Advanced Settings tab. Try changing to User authentication.

Uncle ZZL · ‎03-19-2025

Hello, i had did it , but it does not work.

Scott Fella · ‎03-19-2025

Your configuration on the machine is wrong. If you want to just enter a username and password, then make sure the PC is set to "User" only, not "User and Computers". You logs shows that the PC is sending its machine credentials not a username.

-Scott
*** Please rate helpful posts ***

Uncle ZZL · ‎03-19-2025

Hello, i had config the 802.1X "Specify the authentication mode" is "the user authentication" , but sometimes it does not work.

Scott Fella · ‎03-21-2025

Is this a domain machine or manually configured wireless profile? When you set "user" on the wireless 802.1x profile on a Windows machine, it will never try to auth using the computer credentials. It really comes down to what you are tyring to do here. If these are domain joined machines, there are in a computer group in AD and you can build a rule in ISE to allow access, similar to what you are doing for users. Maybe its an issue with that device if other similar devices do no show that issue.

Bottom line, compare that device with other devices. If you have other devices that don't have any issues, you kind of isolated the issue to that device or that model of device. Make sure that the drivers are similar as that can also be an issue.

-Scott
*** Please rate helpful posts ***

JPavonM · ‎03-20-2025

try to rejoin the laptop to the AD. This happens to me randomly also with ISE 3.3p4, and with PEAP with machine authN and no cert validation, and that use to fix it.

We are planning to move to EAP-TLS with cert validation as this is industry's best practice, and more secure.