I am having devices that all of a sudden will not use NAC and it is under one of two conditions.
1. If the device has more than one certificate and one of them is not a client auth or doesn't have email as the subject name or
2. The device has two client auth certificates and one of them is expired.
In both cases there was not an issue for several weeks and then all of a sudden the device stops working.
Does it reach Clearpass ? If yes, what is the output of this MAC in the access tracker.
If it doesn't you might want to look at 802.1X debugging on the controller which you can find in this document under the 802.1X section : http://community.arubanetworks.com/aruba/attachments/aruba/84/106/1/Troubleshooting+Cheat+Sheet-.pdf
The clients are Windows 7
Yes I understand that the client selects but if the computer has an old Computer Template Certificate all of a sudden clearpass will try and authenticate using that certificate instead of rejecting it and asking for another. Other uses of certificates don't behave this way they understand a particular certificate is expired and asks for another one.
Can you post a screenshot of the authorization and computed sections of the access tracker request?
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.