Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Windows 8 not working CA certificate

Hello freinds ,

One of my customer has a wireless network. All the laptops have a CA certificate installed for authentication purpose.

Of late a CEO has come in with a new laptop which has Windows 8 installed in it.

After installing the certificate the machine does not get authenticated. It shows as authentication failed.

However, the windows 8 laptops works fine without the certificate.

The ACS log is attached.

The ACS is running on version 5.4 & the WLC is running on 7.0.235.3.

Need your help on this.

1 REPLY

Windows 8 not working CA certificate

Hi Nelson,

Give this a read ..

Symptoms or Issue

User authentication is failing on the client machine, and the user is receiving a "RADIUS Access-Reject" form of message.

Conditions

(This issue occurs with authentication protocols that require certificate validation.)

Possible Authentications report failure reasons:

"Authentication failed: 11514 Unexpectedly received empty TLS message; treating as a rejection by the client"

"Authentication failed: 12153 EAP-FAST failed SSL/TLS handshake because the client rejected the Cisco ISE local-certificate"

Click the magnifying glass icon from Authentications to display the following output in the Authentication Report:

12305 Prepared EAP-Request with another PEAP challenge

11006 Returned RADIUS Access-Challenge

11001 Received RADIUS Access-Request

11018 RADIUS is re-using an existing session

12304 Extracted EAP-Response containing PEAP challenge-response

11514 Unexpectedly received empty TLS message; treating as a rejection by the client

12512 Treat the unexpected TLS acknowledge message as a rejection from the client

11504 Prepared EAP-Failure

11003 Returned RADIUS Access-Reject

11006 Returned RADIUS Access-Challenge

11001 Received RADIUS Access-Request

11018 RADIUS is re-using an existing session

12104 Extracted EAP-Response containing EAP-FAST challenge-response

12815 Extracted TLS Alert message

12153 EAP-FAST failed SSL/TLS handshake because the client rejected the Cisco ISE local-certificate

11504 Prepared EAP-Failure

11003 Returned RADIUS Access-Reject

Note This is an indication that the client does not have or does not trust the Cisco ISE certificates.

Possible Causes

The supplicant or client machine is not accepting the certificate from Cisco ISE.

The client machine is configured to validate the server certificate, but is not configured to trust the Cisco ISE certificate.

Resolution

The client machine must accept the Cisco ISE certificate to enable authentication.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
468
Views
0
Helpful
1
Replies
CreatePlease to create content