
dal
New Member

ISE 1.1.4 and Windows 2012 AD

Hi.

I'm trying to get 802.1x certificate authentication up and running. I want to use both user and machine certificate.

On "vanilla" v1.1.4, I got an error message with user certificate. After some reading it seems support for AD 2012 was added in patch 2.

So I installed patch 4, and user certificate authentication works!

But I still have problems with machine certificate authentication.

I get these errors:

Machine authentication against Active Directory has failed.

Check whether the machine's account is present and enabled in Active  Directory. Also, check whether the Active Directory is reachable.

But the machine is indeed both present and enabled in AD.

And AD is working too. I know this from the user certificate authentication, because binary comparison is enabled:

24432  Looking up user in Active Directory - Dal@gaasdal.net

24469  The user certificate was retrieved from Active Directory successfully

22054  Binary comparison of certificates succeeded

22037  Authentication Passed

12506  EAP-TLS authentication succeeded

So is Windows Server 2012 AD supported for machine authentication? Or do I need to go to v1.2 for that?

Or it could just be something wrong with my setup.

Thanks.

1 ACCEPTED SOLUTION

ISE 1.1.4 and Windows 2012 AD

Hi,

Support for 2012 is official in 1.2; the release notes list this as a new feature.

http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html#wp376082

Tarik Admani
*Please rate helpful posts*

5 REPLIES
Bronze

Re: ISE 1.1.4 and Windows 2012 AD

Can't remember clearly, but 1.1.4 may not support 2012 AD.

1.1.3 with latest patch should do... please check release notes...

1.2 should support it.

dal
New Member

ISE 1.1.4 and Windows 2012 AD

Hi, and thank you for answering.

The release notes (for both 1.1.3 and 1.1.4) say:

CSCug98513: Integrate components to support AD 2012 or mixed mode (2008)

Centrify version is upgraded to support Active Directory 2012 and mixed 2008/2012 environments.

That's all that is mentioned about 2012 AD.

Not sure what it means, though.

dal
New Member

ISE 1.1.4 and Windows 2012 AD

Yes.

I upgraded to v1.2, and my configuration worked right away.

Thank you.

New Member

ISE 1.1.4 and Windows 2012 AD

Please look in chapter 5; information on configuring AD and debugs is mentioned there.

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_ug.pdf
