OK, here's the issue :
Customer site - 1130 series LWAPP AP's, WLC 4400 series with 4.2 release, WCS with 4.2 release.
ACS SE 4.0 and a second ACS SE with 4.1
Windows XP clients using WZC, all settings for connecting to WLAN are set, and everything works fine as long as the user has logged onto the lappie previously using a wired connection.
Machine authentication not working. i.e. a user can't logon until they've previously logged on.
Nothing shows on ACS failed or passed attempts. All settings for PEAP machine authentication are setup as per Cisco docs on the ACS. Client end ok.
Tried a GPO to push MS 802.1x settings for EAPOL and Supplicant info to machines, but still no machine logon.
ACS using a self signed cert, option to validate server cert on XP wzc unchecked.
Can't see wood for trees now, bits of kit will start to leave the building via the window before much longer....
Please tell me we don't need to install certs on clients - through PEAP was server side only ? Surely ?
Help, someone, help...