I have a weird problem and am having difficulty troubleshooting it. First I will briefly explain my environment:
I'm using WCS + 2 WLC in order to provide wireless for all people in the company (headquarters + outstations).
Basically I have configured a WLAN using 802.1x EAP-TLS with the broadcast SSID "CORP1" and authentication with Cisco Secure ACS 188.8.131.52.
I'm also using two ACS with the same version in order to have redundancy.
Everything is working fine, but now I have to make a small change: deploying the same corporate wireless but with another SSID in order to replace CORP1 with CORP2 (in several outstations).
So the WLANs CORP1 and CORP2 have exactly the same configuration (only the profile name and SSID are different).
Now the problem: when people try to connect to CORP2 it works for several of them but not for the others. All clients use the same kind of laptop with the same configuration.
After some investigation I have found that the error is located on the ACS, and I get the following error:
Authen session timed out: Challenge not provided by client
On the client side, using Windows XP, the status is stuck at the step "Attempting to authenticate".
I tried to do the authentication on the first ACS and then on the second, but got the same issue.
I have investigated with Wireshark and it seems that the computers don't send the certificate:
12 0.909923 Cisco_XX:XX:XX IntelCor_YY:YY:YY TLSv1 Server Hello, Certificate, Certificate Request, Server Hello Done
13 0.918017 IntelCor_YY:YY:YY Cisco_XX:XX:XX EAP Response, EAP-TLS [RFC5216] [Aboba]
And when it works correctly I have the following....:
So do you have any ideas about what's going on, and could you help me solve this problem?
Of course, if you need additional information feel free to ask.
Many thanks in advance,