Original Message:
Sent: Sep 18, 2023 07:25 AM
From: ssmith764
Subject: EAP-TLS Auth issues with Windows 11
OK, changing to lowercase does not work, but removing the tick does! I find it really strange that enabling the tick works for Windows 10 but not Windows 11.
Anyway, many thanks for this
------------------------------
--------------------
Stewart Smith
ACMX, ACDX, ACCP, ACSA
--------------------
Original Message:
Sent: Sep 18, 2023 06:40 AM
From: ahollifield
Subject: EAP-TLS Auth issues with Windows 11
What if you change the hostname to lowercase? If you turn off "only connect to these servers" checkbox does it then work?
Personally, I've never understood the use-case for this. Just let TLS certificate trust take care of itself
Original Message:
Sent: 9/18/2023 5:13:00 AM
From: ssmith764
Subject: RE: EAP-TLS Auth issues with Windows 11
A few more details:
For both user and computer the same error is in the logs: ERROR RadiusServer.Radius - TLS Alert read:fatal:access denied
The ClearPass cert contains the common name in the SAN:
In 'Advanced', I have these ticked but it makes no difference
------------------------------
--------------------
Stewart Smith
ACMX, ACDX, ACCP, ACSA
Original Message:
Sent: Sep 14, 2023 01:57 PM
From: ssmith764
Subject: EAP-TLS Auth issues with Windows 11
I have deployed a new Clearpass server and 2019 active directory domain controller in my lab. I have deployed certificates to Clearpass and two test clients via group policy. My Windows 10 client works perfectly and does machine and user authentication. The Windows 11 client fails machine auth with error 215 'EAP-TLS: fatal alert by client - access denied'.
If I log in to the machine, I can connect but only after clicking the 'Continue Connecting?' prompt and showing the certificate details.
Both machines have the user and computer certs in the correct location and also have a copy of the root cert. The difference must be with how Windows 11 operates.
Does anyone have an idea how to correct this?
------------------------------
--------------------
Stewart Smith
ACMX, ACDX, ACCP, ACSA
--------------------
------------------------------