This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 98%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
I am in the process of deploying wired network authentication using 802.1X. The tools in use are:
I have created a network profile and exported and put it into MS Intune and begin testing. Testing for the most part went well. Few minor things to fix, but overall was good. I started with a small group of 5 people, then slowly expanded the testing from 5 > 20 > 50 users. All had no issues. So i began phased rollouts. Did 100 people, then a few days later, 100 more. I have almost 300 users now fully on 802.1X. Just recently problems started to arise. About 15 or so users are failing 802.1X authentication and rolling over to MAB. < This is not good. All these endpoints are the same. Same hardware, same AD OU's/Groups, Same 802.1X settings, etc. They all have the proper machine and user certificates + Root CA. (Cert chain is good).
It seems these end points stop responding to ISE/ EAP authentication requests. I have a Cisco TAC support case open as well. But i think the issue is with Windows so i dont think Cisco is going to be able to help much.
Has anyone else deployed this config and know how to troubleshoot it? I've looked at the EAP logs, Wired AutoConfig logs, etc - no help there.
Any help is appreciated.
Hello Mike,
I don't have your configuration, but I have played with implementing a TEAP authenticator under Windows/NPS (Exploring Identity Privacy, TEAP and TTLS in conjunction with Microsoft Network Policy Server).
The Microsoft.Windows.EapTeap ETW provider gives useful insight into the behaviour of the TEAP supplicant:
If you want to pursue that line of enquiry and need help with interpreting the trace data then let me know.
Gary
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 53%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECB%3C/text%3E%3C/svg%3E)
Would be interested to know how this story ended as I'm considering a similar journey. Did you ever find out what was causing the issue?