
Hi,

 

I have a ThinPro Client running build 7.20 build 14 service pack 10 and I'm having issues getting the wired 802.1x configuration to work when I enable the "Enable Machine Authentication" setting. The setup is 802.1x-PEAP, PEAP version is automatic, inner authentication MSCHAPv2 with an AD username and password. The CA Certificate for the internal MS Root CA is installed on the client. Without the Machine Authentication enabled the user authentication works fine. In the SCEP Manager I have the SCEP server name listed. When I attempt to enroll I get the error SCAP Enroll Result:  Key Pair not match.

Looking at the certificate, I have my CA root listed and there are two certificates that appear as if they should be the machine certificate; the "Issued To" name is my CA server name and -MSCEP-RA. The Cisco ISE server logs show the client authentication failed: PEAP failed SSL / TLS handshake because the client rejected the ISE Local Certificate. Not sure this is the issue, as the ISE server trusts our internal CA, as we have Windows domain-joined PCs reporting into ISE for both user and computer security using certificates issued from the MS CA server.

 

Any assistance would be appreciated.

 

I'm investigating this issue with Cisco as well.

 

Thank you,

Michael
