WMS Managed ThinOS 9.x 802.1x
I am having issues trying to solve 802.1x authentication between ThinOS 9.x and Cisco ISE.
We have Cisco ISE version 3.0 as our RADIUS server, Windows Server 2019 as our Certification Authority with NDES and SCEP configured, and we have Dell WMS 3.8 181 as our Wyse Management Server.
I have configured the CA with certificate templates for 802.1x workstations and have configured NDES and SCEP.
I have configured ISE with all of the policy sets required to get wired 802.1x working. I have physical Windows workstations that can successfully get certificates through GPO and authenticate with ISE.
WMS Configuration is as follows:
- Privacy & Security
  - Auto Install Certificates - yes
  - Select Certificates to Upload - Include CA.cer, ISE.pem (signed by CA), vmware-view.cer
  - Enable Auto Enrollment - yes
  - Enable Auto Renew - no
  - Select Install CA Certificate - yes
  - Key Usage - Digital Signature, Key Encipherment
  - Key Length - 2048
  - Common Name - $TN
  - Request URL - https://CA/certsrv/mscep/mscep.dll
  - CA Certificate Hash Type - MD5
  - CA Certificate Hash -
  - Enrollment Password - ********
  - Administrator URL - https://CA/certsrv/mscep_admin/
  - Ignore Server Certificate Check - yes
  - Admin User -
  - Admin User Password - ********
  - Admin User Domain -
- Network Configuration
  - Ethernet Settings
    - Manual Override - no
    - 802.1X Authentication Settings
      - Network Interface Index - 0
      - Enable EAP Authentication - yes
      - Validate Server - yes
      - Check Server - yes
      - Server Name - ISE
      - EAP Type - EAP-TLS
      - Client Certificate Filename - $TN.pfx
      - Client Certificate Type - machine
1. Current - The thin client appears to get the configuration fine. Under Settings -> Network Setup -> ENET the client certificate name is showing up; however, when selecting the browse button, the pop-up window shows "no cert found".
2. Previous - I have had the certificate properly show up and the authentication fail, stating that the root certificate was missing; however, I was able to verify all certificates on the client. This was showing in ISE as "Authentication failed", stating that EAP-TLS failed the SSL/TLS handshake after a client alert.