Hello all,

I hope I am posting this into the right spot.

I am have an odd reoccurring issue with the windows wired autoconfig service that supports 802.1x supplicant for ISE. We are starting to occasionally see systems where the configuration of the service gets reset back to manual startup from automatic. We do use a GPO to set these up as there are way too many systems to manually configured when we add a locations to the system. The systems seem to randomly lose connectivity to the network and when we investigate we usually find the service back in a manual state. Our server folks have found an article out on the internet that states that if a GPO is used to set a service and that system looses connectivity to the domain and the GPO then everything reverts back to the default state which would be manual.

We originally though it was maybe something up with the policy and mabyse something getting hosed between the host policy and the user policies. The ISE policies for host were originally set to allow access by IP address to the ISE cluster, a few servers such as DNS, WSUS, windows updates  and the ports for other services such as domain, LDAP,  etc. We have modified this policy to simply be an IP any any policy to see if maybe it was simply losing a ACL on the switch. The user policy has always been an IP any any ACL. 

Today was when we noticed something has reset the service to manual. I wanted to see if anyone else had ever seen or experienced this issue or may have an idea of how to test to see what could be resetting the policy. I am alos looking for ideas on things to check within the ISE system itself. I am going to see if I can follow a specific user in the log and see what I can find. I am expecting to simply see the user there and then nothing as if the supplicant is shut down all communication with ISE  is shut down from the client side.

I am not sure what else to provide so any thoughts or suggestions are good.

Thanks in advance ....

Brent