Hi,
Hoping to get some clarification on this...
The machines are part of a GPO that configures 'user and computer authentication' on the network adaptor via certificates and when they boot up they authenticate against the RADIUS server (Cisco ISE in this case) absolutely fine; you see the certificate authenticate against the server and it gets given access to the network. The access given at present is full access, though the objective is to change this to limited access once everything is working.
Now if a user that has already logged into this machine before - and so has a certificate already installed - logs into this machine, there's no issue; the user certificate is sent to the RADIUS server as expected, which authenticates and authorises it onto the network with full access.
The problem is, when a new user logs into this same machine - and so does not have a certificate yet - it no longer works. The user is meant to download a certificate at login, which I believe it should be able to do as the machine has already been granted access, and so the port has opened up to allow communication on the network. Instead, after login I don't see any user certificate authentication against the RADIUS server, the user doesn't seem to download the certificate, and it also seems to kill off the existing machine authentication and ends up going down a MAC Address Bypass (MAB) process.
Any thoughts?
Thanks in advance
Oh, and this is on Windows 10.