I am trying to setup ClearPass OnBoarding for Windows laptops to push a wireless profile for 802.1x authentication via EAP-TLS. I configured a provisioning profile and the provisioning settings. The Windows laptop can connect to the OnBoarding page and the QuickConnect client is executed. It seems that the provisioning is successful, because I see new certificates in the user and computer certificate store and a wireless connection profile is available.
When I try to connect to the 802.1x secure wireless network, I receive the following error message in the CPPM Access Tracker: EAP-TLS: fatal alert by client - access_denied.
This error is caused by the Validate server certificate option within the wireless profile. I am using ClearPass as CA and the correct intermediate and root certificates are pushed to the client and are checked within the wireless network profile.
As soon as I manually disable the check to Validate server certificate, the Windows laptop connects without any problems. I guess the problem is located in the Trust configuration of the wired network configuration in ClearPass Guest. Is someone familiar with this problem?