802.1x wired computers

[rviloria@lacsd.org]

I am implementing 802.1x for WIRED computers. I have a CA which
issues machine certificates to all domain computers. I am able to see
the machine certificate via mmc. I have IAS installed on my DC and
configured the remote policy as ethernet and wiredusers. Now the
problem. Some of my computers get "Windows was unable to find a
certificate to log you to the network" others work just fine. Not
sure where to look. It is a particular model here but when I reimage
the computer it works fine. I've tried deleting the certificate and
having the CA issue a new one. No go. Added and removed from the
domain. No go. Any ideas on where to look? I don't have the time to
reimage all the computer with problems.

 

[chris.glanville@gmail.com]

You may want to look into the version of the network stack being
used. When doing 802.1x for wireless, I've seen different versions of
the windows supplicant act very differently. Did you turn on auditing
in IAS too? Might want to check what auditing you could do from the
port level to see if you can get more information to see where the
error is happening.

 

[rviloria@lacsd.org]

On Dec 1, 8:26 am, "chris.glanvi...@gmail.com"
<chris.glanvi...@gmail.com> wrote:
> You may want to look into the version of the network stack being
> used. When doing 802.1x for wireless, I've seen different versions of
> the windows supplicant act very differently. Did you turn on auditing
> in IAS too? Might want to check what auditing you could do from the
> port level to see if you can get more information to see where the
> error is happening.

I checked the audit log by running IASPARSE and get some error
messages but you only get messages if there is connectivity. I also
checked the authentication tab for the nic and have the same setting
as the PCs that do work. I even have replaced the NIC. Not sure what
you mean by different versions of windows supplicant?