Hello,I have come across a situation where windows recently updated and within the Windows 11 22h2 & 23h2 latest update. There is authentication EAP-TLS 1.3 which is on by default, from my gathering currently. I on the other hand also know that ClearPass cannot authenticate devices yet with EAP-TLS 1.3. Is there any way to bypass this and allow ClearPass to authenticate devices again? Anything helps, thanks.
The devices should fail back to TLS 1.2 though. Is there a GPO or some other mechanism that is enforcing TLS 1.3 for EAP? What EAP type are you using?
EAP-TLS 1.2 and 1.3 are currently both on for any device. Is there anything to check to make sure that it is supposed to fall back, that I have mis checked? The EAP types are in use TLS and PEAP.
I currently am still learning this whole process; I do not know how to tell if both are failing. But ClearPass used to have all the information in it right away. Now it takes a few hours for ClearPass to see the device, then it takes a few hours for the device to get all the attributes except one(the domain = true). Credential guard I will double check on. Thanks.
The lastes ClearPass 6.11 patches permit you to turn off the problematic encryption. Bad TPM firmware corrupts the stored certificates
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.