Security

We are getting the 215 error w/ devices that are going from our new SSID to the old SSID. Has anyone experienced this issue and have a solution for the problem. I'm leaning toward a certificate issue. Please help....

(215 Error) EAP-PEAP: fatal alert by client - access_denied TLS session reuse error

Check whether radius certificate installed in CPPM is valid and  it is supported by windows machine and also check network profile of your machine whether check server cert option is enabled or not?

The public certificate is valid, it should be supported by windows machines. We are currently migrating from old CP to new CP and upgrading controllers as well as creating a new SSID. We do have "
verify the server's identity by validating the certificate" checked. 

What is the EAP method (EAP-PEAP or EAP-TLS)?

Ensure,

the ClearPass Radius certificate is installed with complete chain,

and the Root CA that signed the radius certificate is marked as the trusted anchor in the wired/wireless supplicant profile, if you observer failure only on Windows Client.

Enable debug for the Radius server and check the debug logs from the Access Tracker for more details.

To enabled Debug: Administrator >> Server Manager >> Log Configuration >> Select Service >> Radius Server.

This issue has been resolved. It was a group policy issue with unchecked trusted root certificate. Thank you for everyones help