Unsolved

Closed

July 5th, 2023 08:00

WMS Managed ThinOS 9.x 802.1x

Summary:

I am having issues trying to solve 802.1x authentication between ThinOS 9.x and Cisco ISE.

Setup:

We have Cisco ISE version 3.0 as our RADIUS server, Windows Server 2019 as our Certification Authority with NDES and SCEP configured, and we have Dell WMS 3.8 181 as our Wyse Management Server.

I have configured the CA with certificate templates for 802.1x workstations and have configured NDES and SCEP.

I have configured ISE with all of the policy sets required to get wired 802.1x working. I have physical Windows workstations that can successfully get certificates through GPO and authenticate with ISE.

WMS Configuration is as follows:

  • Privacy & Security
    • Certificates
      • Auto Install Certificates - yes
      • Select Certificates to Upload - Include CA.cer, ISE.pem (signed by CA), vmware-view.cer
    • SCEP
      • Enable Auto Enrollment - yes
      • Enable Auto Renew - no
      • Select Install CA Certificate - yes
      • Key Usage - Digital Signature, Key Encipherment
      • Key Length - 2048
      • Common Name - $TN
      • Request URL - https://CA/certsrv/mscep/mscep.dll
      • CA Certificate Hash Type - MD5
      • CA Certificate Hash -
      • Enrollment Password - ********
      • Administrator URL - https://CA/certsrv/mscep_admin/
      • Ignore Server Certificate Check - yes
      • Admin User -
      • Admin User Password - ********
      • Admin User Domain -
  • Network Configuration
    • Ethernet Settings
      • Manual Override - no
      • 802.1X Authentication Settings
        • Network Interface Index - 0
        • Enable EAP Authentication - yes
        • Validate Server - yes
        • Check Server - yes
        • Server Name - ISE
        • EAP Type - EAP-TLS
        • Client Certificate Filename - $TN.pfx
        • Client Certificate Type - machine

Issue:

1. Current - The thin client appears to get the configuration fine. Under Settings -> Network Setup -> ENET the client certificate name is showing up; however, when selecting the browse button the pop-up window shows "no cert found".

2. Previous - I have had the certificate properly show up and the authentication fail stating that the root certificate was missing; however, I was able to verify all certificates on the client. This was showing in ISE as Authentication failed stating EAP-TLS failed SSL/TLS handshake after a client alert.

July 10th, 2023 06:00

Did you resolve this? I've got a buddy that is dealing with the same issue.

July 11th, 2023 05:00

Hey SuperWeenieHutJr,

I have not resolved this yet, but I do have some updated information. I've been in contact with Dell support trying to work through the issue. In the meantime, I have updated the software above. 

Dell WMS is now updated to 4.1 and ThinOS is now at 2306 (9.4.2103). WMS settings have been updated as well to include SCEP and Ethernet -> 802.1X Authentication changes. Under SCEP, adding the domain name after $TN as the Common Name ($TN.domain.name) and removing the enrollment password (forcing the use of the Administrator URL and Admin credentials). Under 802.1X, mirror the change in the Client Certificate Filename ($TN.domain.name.pfx).

Additionally, the issues listed above have changed. The issue at the time of the post has been resolved. The thin clients are getting certificates properly. I am back to having the issue listed above that authentication is failing.

Let me know if you have any questions.
