I have a Cisco WLC talking to an ACS 4400 version 5.1 which in turn talks to Active Directory.
I've been trying to get 802.1x for wireless clients going. I have a cert on the ACS from VeriSign on the box, but when users try to sign in they get "12309 PEAP handshake failed" in the ACS RADIUS log.
The cert was exported and placed directly on the testing laptop, and at one point it all worked. I stepped away from it for 2 weeks to get a new internal CA built on a Windows box. Now coming back to it with the intent of issuing new certs to the ACS from the internal CA, I thought I would check it to make sure all was good, but it's not.
Google doesn't return happy results for "12309 PEAP handshake failed". I opened a TAC case on it and they took my cert to their lab. Haven't heard back. I was wondering if the netpro community had any ideas.
Try to authenticate to an internal ACS user and see if you have the same problem.
If that works then you at least have it narrowed down to ACS/AD communication and can concentrate on that in the TAC case. Unfortunately I have not seen the exact error you are running into.
Are you authenticating a user or a machine when this error is seen?
Clients need to verify that they trust the certificate installed on ACS. Make sure you install the CA certificate from your internal CA onto your laptop. A good way to tell if this is the issue is to uncheck the "verify server certificate" checkbox on your client and see if it still fails.
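The trust check described in the reply above, reproduced on the command line as an added example (not from the thread or from Cisco): the script builds a throwaway internal CA and an ACS server certificate signed by it with openssl, plus a second, unrelated CA, and then runs `openssl verify` the way a PEAP client validates the RADIUS server certificate. All names (`Example Internal CA`, `acs.example.internal`, `Some Other CA`) and the working directory are constructed for the example. It shows that the same server certificate passes when the laptop trusts the CA that signed it and fails when it only trusts some other root, which is the situation the reply suggests checking before touching the "verify server certificate" box.

```shell
#!/bin/sh
# Added example: the client-side trust check PEAP performs on the RADIUS
# server certificate, using certificates generated here. Everything below
# (CA names, hostnames, paths) is constructed for the demonstration.
set -e

WORK=$(mktemp -d)
CA_CERT="$WORK/ca.pem"        # stands in for the poster's new internal Windows CA
ACS_CERT="$WORK/acs.pem"      # stands in for the certificate installed on the ACS
OTHER_CA="$WORK/other.pem"    # an unrelated root, i.e. a laptop trusting the wrong CA

# Constructed internal CA: self-signed root certificate and key.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
  -keyout "$WORK/ca.key" -out "$CA_CERT" \
  -subj "/CN=Example Internal CA" >/dev/null 2>&1

# Constructed ACS server certificate: CSR signed by the internal CA.
openssl req -newkey rsa:2048 -nodes \
  -keyout "$WORK/acs.key" -out "$WORK/acs.csr" \
  -subj "/CN=acs.example.internal" >/dev/null 2>&1
openssl x509 -req -in "$WORK/acs.csr" -CA "$CA_CERT" -CAkey "$WORK/ca.key" \
  -CAcreateserial -days 1 -out "$ACS_CERT" >/dev/null 2>&1

# Constructed unrelated CA, to model a client whose trust store lacks the real root.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
  -keyout "$WORK/other.key" -out "$OTHER_CA" \
  -subj "/CN=Some Other CA" >/dev/null 2>&1

# verify_chain TRUSTED_CA_FILE SERVER_CERT_FILE
# Prints "trusted" if SERVER_CERT_FILE chains to TRUSTED_CA_FILE, else "untrusted".
# This is the same path-building step a supplicant does before it continues the
# PEAP TLS handshake; a mismatch here is what the client-side "verify server
# certificate" setting would surface.
verify_chain() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

# Demonstration: same ACS certificate, two different client trust stores.
echo "laptop trusts internal CA:   $(verify_chain "$CA_CERT" "$ACS_CERT")"
echo "laptop trusts unrelated CA:  $(verify_chain "$OTHER_CA" "$ACS_CERT")"
```

On a real client the equivalent inputs are the CA certificate exported from the internal CA and the server certificate the ACS presents; if `openssl verify` reports an issuer error against the exported CA file, the client trust store is the problem rather than the ACS-to-AD path, which is what the second reply's test is designed to separate.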