ISE 1.2 EAP Chaining and Windows 8 - Auth failures

Unanswered Question
Sep 15th, 2013
User Badges:

Hi All,


I've got a couple sites that appear to have issues with EAP chaining, ISE 1.2 and Anyconnect client on windows 8 enterprise.


Basically the windows 8 machines authenticate intermittently and randomly but largely fail auth. 


Often the client will work perfectly for a boot even after a few reboots etc and then might stop working.  Other clients won't work at all no mater what settings you configure.


Outer Method - EAP-FASTv2

Inner Method - MSChapV2

ISE 1.2 with Patch 1 (latest)

Windows 8 Enterprise - with patch http://support.microsoft.com/kb/2743127

Anyconnect Client  3.1.0466 (latest)

Machine and User Auth Against AD.

Cert checks disabled for testing.

Clients using same configuration.xml file


Symptom is Anyconnect prompts for username / password instead of using existing credentials.  Typing credentials doesn't work.


Logs show failed "anonymous" authentications or client EAP timeouts.


Cheers

Peter.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
v.ivanovic Sun, 09/15/2013 - 23:08
User Badges:

Hi Peter,


It sounds like the Inner Method is not being negotitated properly so its only reading the Outer Method which by default is set to show "Anonymous" in AnyConnect Profiles.


Is it possible to upload a PDF version or copy paste the output of the failure from ISE's perspective?


Kind Regards,


Vlad

sudheere Fri, 02/21/2014 - 06:29
User Badges:

Hi,

I am facing same issue when I use EAP-chaining with win7 client PC. I am following Cisco's document. It works occassionaly. But fail mostly showing anonymous user. Please help me on this.

Actions

This Discussion