It might be (assumption) that if you click 'connect anyways' the first time, Windows caches the certificates.
I would very carefully validate the certificates, server name setting, as there must be something wrong. Aruba Support may be able to collect the relevant supplicant logging to find what is going on, or if you have access to Microsoft support you may ask them if they know what is going on here. It's also weird because Windows 11 works out of the box, so configuration must be (nearly) good.
Is your EAP certificate following the best practices, like from a private CA, no wildcard, all ClearPass nodes share the same RADIUS certificate?
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Aug 04, 2022 12:17 PM
From: Chris Sunderland
Subject: Windows 10 EAP-TLS Profile from Intune Issue
If I server validate on the initial connection, then the connection fails, but if I do not do server validation on the initial connection, it connects. After I have connected without server validation the first time, if I go back and add server validation, then the connection works without issue from then on.
------------------------------
ChrisSunderland
Original Message:
Sent: Aug 04, 2022 03:00 AM
From: Scott Doorey
Subject: Windows 10 EAP-TLS Profile from Intune Issue
Have you nominated any CAs to trust for the server validation step?
Is the client configured not to prompt the user to trust new server certificates? If yes, the client will fail silently if the cert is not from the designated root CA.
Original Message:
Sent: Jul 25, 2022 12:20 PM
From: Chris Sunderland
Subject: Windows 10 EAP-TLS Profile from Intune Issue
I am having an odd issue. I have a wired and wireless profile being pushed to machines from Microsoft Intune; on Windows 11 machines it works without issue, but it will not connect Windows 10 machines. If I create the connection manually and tell the connection not to verify the server's identity by validating the certificate the first time the system is connected, it connects, and then if I change the setting to verify afterwards, the system will connect every additional time without issue. This only happens on Windows 10 machines, and I can see in the Access Tracker that on that first attempt with the validation turned on, the attempt does not show the certificate on the Input tab under Computed Attributes. Any ideas on why this could be happening?
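
A check for the server-validation settings raised in this thread (nominated trusted CAs, pinned server name, prompt setting), as an added example that is not part of any post here. It assumes the pushed profile has been exported to XML and uses the EAP-TLS `ServerValidation` element names; the sample values are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread): EAP-TLS section of an exported
# Windows profile. The server name below is a placeholder.
TEMPLATE = """<EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1">
  <ServerValidation>
    <DisableUserPromptForServerValidation>{prompt_off}</DisableUserPromptForServerValidation>
    <ServerNames>{names}</ServerNames>
    <TrustedRootCA>{root}</TrustedRootCA>
  </ServerValidation>
</EapType>"""

def local(tag):
    """Strip the XML namespace so the check works at any nesting depth."""
    return tag.rsplit("}", 1)[-1]

def audit_server_validation(xml_text):
    """Report which server-validation settings a profile actually carries."""
    root = ET.fromstring(xml_text)
    sv = next((e for e in root.iter() if local(e.tag) == "ServerValidation"), None)
    if sv is None:
        return {"findings": ["no ServerValidation element found"]}
    values = {}
    for child in sv:
        values.setdefault(local(child.tag), []).append((child.text or "").strip())
    roots = [v for v in values.get("TrustedRootCA", []) if v]
    # ServerNames holds a semicolon-separated list of names.
    names = [n for v in values.get("ServerNames", []) for n in v.split(";") if n]
    flag = values.get("DisableUserPromptForServerValidation", ["false"])[0]
    prompt_off = flag.lower() == "true"
    findings = []
    if not roots:
        findings.append("no trusted root CA nominated for server validation")
    if not names:
        findings.append("no RADIUS server name pinned")
    if prompt_off:
        findings.append("user prompt disabled: an untrusted server certificate fails silently")
    return {"trusted_roots": roots, "server_names": names,
            "prompt_disabled": prompt_off, "findings": findings}

if __name__ == "__main__":
    pushed = TEMPLATE.format(prompt_off="true", names="radius.example.test", root="")
    for finding in audit_server_validation(pushed)["findings"]:
        print("-", finding)
```

Running it against the profile exported from a Windows 10 machine and from a Windows 11 machine shows whether both received the same validation settings.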