We've been using User or Computer certificate to authenticate our users and computers for some time now. For several months our first time users would receive their user certificates fast enough that they would be able to remain connected from their initial connection using the computer certificate.
We are now seeing that our first time users are no longer receiving this certificate fast enough, and are being disconnected, unable to recieve the user certificate. Most of our computers are multi user devices, so now I need to make a choice to avoid this chicken and egg scenerio.
The visibility and ability to segment users based off roles is excellent from the user certificate side, but they wouldn't be able to sign in without being wired first. If I was to change to computer only certificate, this would work, but we'd lose some of the visibility.
If I were to change to computer only certificate is there a good method to get visiblity into the user AD information?
What solutions have others used for this scenerio?
Thanks