New Member

EAP-TLS or PEAP authentication failed during SSL handshake. !!???

I get an error when I want to authenticate a user who is using a smart card to log into a Win 2003 VPN server which uses Cisco Secure ACS 4.0 as the AAA server.

When I use a password there is no problem, but when using a smart card I see this error! In the CSAuth.Log file this error message is shown: "bad record mac". Could anyone please help me with this error message?


Re: EAP-TLS or PEAP authentication failed during SSL handshake.

Hi ,

"EAP-TLS or PEAP authentication failed during SSL handshake"

1. Certificate corruption, so you can try to reinstall the certificates.

2. No root CA certificate installed on the client and "Validate Server Certificate" is enabled on the client.

Make sure you have certs installed properly.



New Member

Re: EAP-TLS or PEAP authentication failed during SSL handshake.


Thanks for your help. I re-installed the root certificate on the ACS machine and the client and unchecked server certificate validation in the client-side connection options, but the problem is still not solved.

I think that the certificate on the smart card might have some wrong properties. Here I have listed the key properties of the certificate on my smart card. Do you see anything wrong here?

Enhanced Key Usage= Client Authentication, Smart Card Logon

Key Usage= Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment

A yellow exclamation mark is shown on the key usage icon, which means the key usage field is critical.

