We are migrating from an autonomous wireless infrastructure to Unified infrastructure and have come across an issue with clients unable to automatically provision a PAC.
The same ACS server is being used for authentication and eap-fast has been working for a number of years now. Upon a failure, the client (ACU 6.4) says "provisioning failed" whilst the ACS failed attempt logs says "EAP-TLS or PEAP authentication failed during SSL handshake"
If I take the client PC into an area where the old infrastructure has coverage the client provisions fine and authenticates. If I then bring the client back into the new coverage area it authenticates fine. It appears it's just the PAC provisioning that is failing.
Interestingly, newer CB21 cards which are ABG provision fine. Anybody else had problems like this?
ACS is v3.3
ACU is v6.4
WLC is 220.127.116.11
APs are 1240's