Hi Airheads,
In the process of migrating from an old ClearPass deployment running 6.2.6 to new one running latest version of 6.6.
For the Corp SSID we're trying to migrate, clients are using EAP-TLS with a domain issued machine certificate to authenticate, with settings controlled by group policy. This is working when authenticating to the old ClearPass appliance.
Trust chain is good, LDAP connection from new ClearPass appliance to the domain controller is working (using this for admin interface auth).
When attempting a connection, Access Tracker is showing the below errors:
RADIUS eap-tls: Error in establishing TLS session
2016-06-23 18:21:45,090 [Th 227 Req 1387679 SessId R00152c33-01-576b7ff7] ERROR RadiusServer.Radius - rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2016-06-23 18:21:45,090 [Th 227 Req 1387679 SessId R00152c33-01-576b7ff7] ERROR RadiusServer.Radius - rlm_eap_tls: TLS Handshake failed
Has anyone seen this before? Could it be to do with cipher support on the client?
Same behaviour on Windows 7, 8.1, and 10.