04-27-2017 06:38 AM
We installed a new certificate in Clearpass 6.6.3 server but had to back it out because 30 out of 1000's of clinical workstations were failing PEAP authentication with error code 215.
Some info about new cert:
-Addtrust Root Authority same as old certificate but 2 extra intermediates that had to be added to Clearpass trust list.
-1 cert with "generic" CN and multiple SANs used for 3 servers. SANs exactly match server names/dns.
Windows clients configured via GPO, that has Addtrust server checked. 1000's working properly, 30 failing.
A "rebuild" of one of the failing devices solved the issue by is time consuming. What could be missing from the other problematic devices? Corrupt cert store?