Security

Hi Team 

I am busy with clearPass deployment for a client, I have configured all the necessary configuration which need to be done, but when I am testing the following error occur.

Please assist.   

Hi

The error message you get indicates that the client isn't configured correct.

Verify the following:

• Does the client use the same authentication method as configured in ClearPass for example EAP-TLS
• Does the client have the root certificate of the ClearPass Radius certificate issuer installed
• Does the client specify the expected ClearPass FQDN in the 802.1x profile, does this name exist in the Radius certificate on ClearPass

Can you post both your settings on the Authentication tab of the 802.1x service and the settings on the client.

What type of clients do you have and how do you configure the clients? Active Directory GPO, Intune, manually or other MDM solution?

Hi Team 

I am busy with clearPass deployment for a client, I have configured all the necessary configuration which need to be done, but when I am testing the following error occur.

Please assist.   

Hi Jonas

Unable to config Microsoft EAP-TEAP authentication on Win11 client. No Microsoft EAP-TEAP, only Microsoft Tunnel EAP (TEAP). Getting following error:

Is a window 11 client, configured in AD GPO

Hi

The error message you get indicates that the client isn't configured correct.

Verify the following:

• Does the client use the same authentication method as configured in ClearPass for example EAP-TLS
• Does the client have the root certificate of the ClearPass Radius certificate issuer installed
• Does the client specify the expected ClearPass FQDN in the 802.1x profile, does this name exist in the Radius certificate on ClearPass

Can you post both your settings on the Authentication tab of the 802.1x service and the settings on the client.

What type of clients do you have and how do you configure the clients? Active Directory GPO, Intune, manually or other MDM solution?

Hi Team 

I am busy with clearPass deployment for a client, I have configured all the necessary configuration which need to be done, but when I am testing the following error occur.

Please assist.   

Hi Jonas

Unable to config Microsoft EAP-TEAP authentication on Win11 client. No Microsoft EAP-TEAP, only Microsoft Tunnel EAP (TEAP). Getting following error:

Is a window 11 client, configured in AD GPO

Hi

The error message you get indicates that the client isn't configured correct.

Verify the following:

• Does the client use the same authentication method as configured in ClearPass for example EAP-TLS
• Does the client have the root certificate of the ClearPass Radius certificate issuer installed
• Does the client specify the expected ClearPass FQDN in the 802.1x profile, does this name exist in the Radius certificate on ClearPass

Can you post both your settings on the Authentication tab of the 802.1x service and the settings on the client.

What type of clients do you have and how do you configure the clients? Active Directory GPO, Intune, manually or other MDM solution?

Hi Team 

I am busy with clearPass deployment for a client, I have configured all the necessary configuration which need to be done, but when I am testing the following error occur.

Please assist.   

Hi

In your screenshots you have different authentication methods specified on the client and in ClearPass.

To be able to utilize TEAP you also need to add this method in the Service in ClearPass. It's at the bottom of the drop-down, a bit hard to see as you need to scroll...

Regarding the wildcard certificate mentioned in the separate comment, wildcard should not be utilized as Radius EAP certificate. As HTTPS certificate wildcard can be utilized, but some limitations in use cases may apply when trying to use ClearPass Onboard on Apple iOS devices.

Hi Jonas

Unable to config Microsoft EAP-TEAP authentication on Win11 client. No Microsoft EAP-TEAP, only Microsoft Tunnel EAP (TEAP). Getting following error:

Is a window 11 client, configured in AD GPO

Hi

The error message you get indicates that the client isn't configured correct.

Verify the following:

• Does the client use the same authentication method as configured in ClearPass for example EAP-TLS
• Does the client have the root certificate of the ClearPass Radius certificate issuer installed
• Does the client specify the expected ClearPass FQDN in the 802.1x profile, does this name exist in the Radius certificate on ClearPass

Can you post both your settings on the Authentication tab of the 802.1x service and the settings on the client.

What type of clients do you have and how do you configure the clients? Active Directory GPO, Intune, manually or other MDM solution?

Hi Team 

I am busy with clearPass deployment for a client, I have configured all the necessary configuration which need to be done, but when I am testing the following error occur.

Please assist.   

Hi Jonas

We have added TEAP on the authentication method but we are still get timeout error. 

Hi

In your screenshots you have different authentication methods specified on the client and in ClearPass.

To be able to utilize TEAP you also need to add this method in the Service in ClearPass. It's at the bottom of the drop-down, a bit hard to see as you need to scroll...

Regarding the wildcard certificate mentioned in the separate comment, wildcard should not be utilized as Radius EAP certificate. As HTTPS certificate wildcard can be utilized, but some limitations in use cases may apply when trying to use ClearPass Onboard on Apple iOS devices.

Hi Jonas

Unable to config Microsoft EAP-TEAP authentication on Win11 client. No Microsoft EAP-TEAP, only Microsoft Tunnel EAP (TEAP). Getting following error:

Is a window 11 client, configured in AD GPO

Hi

The error message you get indicates that the client isn't configured correct.

Verify the following:

• Does the client use the same authentication method as configured in ClearPass for example EAP-TLS
• Does the client have the root certificate of the ClearPass Radius certificate issuer installed
• Does the client specify the expected ClearPass FQDN in the 802.1x profile, does this name exist in the Radius certificate on ClearPass

Can you post both your settings on the Authentication tab of the 802.1x service and the settings on the client.

What type of clients do you have and how do you configure the clients? Active Directory GPO, Intune, manually or other MDM solution?

Hi Team 

I am busy with clearPass deployment for a client, I have configured all the necessary configuration which need to be done, but when I am testing the following error occur.

Please assist.   

Hi

Often the message "Client did not complete EAP transaction" indicates that the client isn't configured correctly. In the TEAP settings you have to configure certificate validation correctly to match the Radius certificate of your ClearPass server.

Screenshots of the remaining TEAP settings may help in finding the issue.

Hi Jonas

We have added TEAP on the authentication method but we are still get timeout error. 

Hi

In your screenshots you have different authentication methods specified on the client and in ClearPass.

To be able to utilize TEAP you also need to add this method in the Service in ClearPass. It's at the bottom of the drop-down, a bit hard to see as you need to scroll...

Regarding the wildcard certificate mentioned in the separate comment, wildcard should not be utilized as Radius EAP certificate. As HTTPS certificate wildcard can be utilized, but some limitations in use cases may apply when trying to use ClearPass Onboard on Apple iOS devices.

Hi Jonas

Unable to config Microsoft EAP-TEAP authentication on Win11 client. No Microsoft EAP-TEAP, only Microsoft Tunnel EAP (TEAP). Getting following error:

Is a window 11 client, configured in AD GPO

Hi

The error message you get indicates that the client isn't configured correct.

Verify the following:

• Does the client use the same authentication method as configured in ClearPass for example EAP-TLS
• Does the client have the root certificate of the ClearPass Radius certificate issuer installed
• Does the client specify the expected ClearPass FQDN in the 802.1x profile, does this name exist in the Radius certificate on ClearPass

Can you post both your settings on the Authentication tab of the 802.1x service and the settings on the client.

What type of clients do you have and how do you configure the clients? Active Directory GPO, Intune, manually or other MDM solution?

Hi Team 

I am busy with clearPass deployment for a client, I have configured all the necessary configuration which need to be done, but when I am testing the following error occur.

Please assist.   

Hi

Often the message "Client did not complete EAP transaction" indicates that the client isn't configured correctly. In the TEAP settings you have to configure certificate validation correctly to match the Radius certificate of your ClearPass server.

Screenshots of the remaining TEAP settings may help in finding the issue.

Hi Jonas

We have added TEAP on the authentication method but we are still get timeout error. 

Hi

In your screenshots you have different authentication methods specified on the client and in ClearPass.

To be able to utilize TEAP you also need to add this method in the Service in ClearPass. It's at the bottom of the drop-down, a bit hard to see as you need to scroll...

Regarding the wildcard certificate mentioned in the separate comment, wildcard should not be utilized as Radius EAP certificate. As HTTPS certificate wildcard can be utilized, but some limitations in use cases may apply when trying to use ClearPass Onboard on Apple iOS devices.

Hi Jonas

Unable to config Microsoft EAP-TEAP authentication on Win11 client. No Microsoft EAP-TEAP, only Microsoft Tunnel EAP (TEAP). Getting following error:

Is a window 11 client, configured in AD GPO

Hi

The error message you get indicates that the client isn't configured correct.

Verify the following:

• Does the client use the same authentication method as configured in ClearPass for example EAP-TLS
• Does the client have the root certificate of the ClearPass Radius certificate issuer installed
• Does the client specify the expected ClearPass FQDN in the 802.1x profile, does this name exist in the Radius certificate on ClearPass

Can you post both your settings on the Authentication tab of the 802.1x service and the settings on the client.

What type of clients do you have and how do you configure the clients? Active Directory GPO, Intune, manually or other MDM solution?

Hi Team 

I am busy with clearPass deployment for a client, I have configured all the necessary configuration which need to be done, but when I am testing the following error occur.

Please assist.   

Hi Jonas

Can you share with me a template with the step on how to configure that, so we can confirm if we have done it correct.

Hi

Often the message "Client did not complete EAP transaction" indicates that the client isn't configured correctly. In the TEAP settings you have to configure certificate validation correctly to match the Radius certificate of your ClearPass server.

Screenshots of the remaining TEAP settings may help in finding the issue.

Hi Jonas

We have added TEAP on the authentication method but we are still get timeout error. 

Hi

In your screenshots you have different authentication methods specified on the client and in ClearPass.

To be able to utilize TEAP you also need to add this method in the Service in ClearPass. It's at the bottom of the drop-down, a bit hard to see as you need to scroll...

Regarding the wildcard certificate mentioned in the separate comment, wildcard should not be utilized as Radius EAP certificate. As HTTPS certificate wildcard can be utilized, but some limitations in use cases may apply when trying to use ClearPass Onboard on Apple iOS devices.

Hi Jonas

Unable to config Microsoft EAP-TEAP authentication on Win11 client. No Microsoft EAP-TEAP, only Microsoft Tunnel EAP (TEAP). Getting following error:

Is a window 11 client, configured in AD GPO

Hi

The error message you get indicates that the client isn't configured correct.

Verify the following:

• Does the client use the same authentication method as configured in ClearPass for example EAP-TLS
• Does the client have the root certificate of the ClearPass Radius certificate issuer installed
• Does the client specify the expected ClearPass FQDN in the 802.1x profile, does this name exist in the Radius certificate on ClearPass

Can you post both your settings on the Authentication tab of the 802.1x service and the settings on the client.

What type of clients do you have and how do you configure the clients? Active Directory GPO, Intune, manually or other MDM solution?

Hi Team 

I am busy with clearPass deployment for a client, I have configured all the necessary configuration which need to be done, but when I am testing the following error occur.

Please assist.   

Hi Jonas

Can you share with me a template with the step on how to configure that, so we can confirm if we have done it correct.

Hi

Often the message "Client did not complete EAP transaction" indicates that the client isn't configured correctly. In the TEAP settings you have to configure certificate validation correctly to match the Radius certificate of your ClearPass server.

Screenshots of the remaining TEAP settings may help in finding the issue.

Hi Jonas

We have added TEAP on the authentication method but we are still get timeout error. 

Hi

In your screenshots you have different authentication methods specified on the client and in ClearPass.

To be able to utilize TEAP you also need to add this method in the Service in ClearPass. It's at the bottom of the drop-down, a bit hard to see as you need to scroll...

Regarding the wildcard certificate mentioned in the separate comment, wildcard should not be utilized as Radius EAP certificate. As HTTPS certificate wildcard can be utilized, but some limitations in use cases may apply when trying to use ClearPass Onboard on Apple iOS devices.

Hi Jonas

Unable to config Microsoft EAP-TEAP authentication on Win11 client. No Microsoft EAP-TEAP, only Microsoft Tunnel EAP (TEAP). Getting following error:

Is a window 11 client, configured in AD GPO

Hi

The error message you get indicates that the client isn't configured correct.

Verify the following:

• Does the client use the same authentication method as configured in ClearPass for example EAP-TLS
• Does the client have the root certificate of the ClearPass Radius certificate issuer installed
• Does the client specify the expected ClearPass FQDN in the 802.1x profile, does this name exist in the Radius certificate on ClearPass

Can you post both your settings on the Authentication tab of the 802.1x service and the settings on the client.

What type of clients do you have and how do you configure the clients? Active Directory GPO, Intune, manually or other MDM solution?

Hi Team 

I am busy with clearPass deployment for a client, I have configured all the necessary configuration which need to be done, but when I am testing the following error occur.

Please assist.