"If the ACS's certificate on the wireless client is invalid (which depends on the certificate's valid "from" and "to" dates, the client's date and time settings, and CA trust), then the client will reject it and authentication will fail. The ACS will log the failed authentication in the web interface under Reports and Activity > Failed Attempts > Failed Attempts XXX.csv with the Authentication Failure-Code similar to "EAP-TLS or PEAP authentication failed during SSL handshake." The expected error message in the CSAuth.log file is similar to the following."
I encounterd problems with Vista with PEAP. I enabled CCKM with 820.1x and Vista clients were not able to associate. CCKM was the problem for me, aafter disabling CCKM Vista clients also worked fine. This is an MS issue because Vista doesn't support CCKM.
I had the same problem. the setting on your controller is wrong. set your controller wlan security for wpa + tkip....wpa2 + aes..key management 802.1x only.. *** only this combination will work with vista. If you enable cckm or check AES with wpa or check tkip with wpa2. Your user will see a security policy mismatch on the clients end and will not be able to authenticate. good luck