I have deployed ISE for our organization and using cert for machine authentication only. the issue that I saw in several chats talking about host/ prepended to hostname happens for my setup. I have adjust the advanced setting to rewrite host/ so that got fixed when users click on SSID to connect manually. If the computer reboot or just come up on the network it automatically must connect based on wifi profile but when I look into logs I still see host/ is prepended when the machine want to connect without user interaction and the authentication fails. what can cause ISE to not rewrite the hostname when the machine itself tries to connect automatically? Users always have to click manually to connect otherwise host/ prepend is there.
and I see this log on ISE for failed ones
| Event | 5411 Supplicant stopped responding to ISE |
| Failure Reason | 12935 Supplicant stopped responding to ISE during EAP-TLS certificate exchange |
| Resolution | Verify that supplicant is configured properly to conduct a full EAP conversation with ISE. Verify that NAS is configured properly to transfer EAP messages to/from supplicant. Verify that supplicant or NAS does not have a short timeout for EAP conversation. Check the network that connects the Network Access Server to ISE. Verify that ISE local server certificate is trusted on supplicant. Verify that supplicant has a properly configured user/machine certificate. |
| Root cause | Supplicant stopped responding to ISE during EAP-TLS certificate exchange |
