
How to fix the Windows 8.0 and above ISE computer name authentication issue with Cisco ISE

Cisco Identity Service Engine

Problem:

Windows 8 and above operating systems are not able to authenticate to ISE 1.3 when doing EAP chaining, and computer name lookups in Active Directory fail.

Diagnostic:

The reason is that Windows does not send the computer name to ISE, which causes EAP chaining to fail and access to the network to be denied. This happens when Cisco AnyConnect is communicating with ISE over EAP.

Solution:

Microsoft has released a registry fix which resolves the issue once applied.

Below is the link to the Microsoft fix, which is a registry hack:

https://support.microsoft.com/en-us/kb/2743127

Always back up the registry before making any changes. The link below explains how to export the keys:

https://support.microsoft.com/en-us/kb/322756

Below is the key that needs to be added, just in case the article becomes obsolete:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Add a new DWORD value named “LsaAllowReturningUnencryptedSecrets” with value 1.
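The backup and registry change described above can be scripted as follows. This is an added example, not taken from the original post or from the Microsoft article; the backup directory is an assumed location and the script must be run from an elevated PowerShell prompt.

```powershell
# Added example: back up the Lsa key, then set the DWORD named in the post.
param(
    [string]$BackupDir = "$env:ProgramData\RegBackup"   # hypothetical path, change as needed
)

$ErrorActionPreference = 'Stop'
$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'   # PowerShell provider syntax
$regPath   = 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa'    # same key, reg.exe syntax
$valueName = 'LsaAllowReturningUnencryptedSecrets'

# Writing under HKLM needs administrator rights; fail early if not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

# 1. Export the key first so the change can be rolled back with "reg import <file>".
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$backupFile = Join-Path $BackupDir ("Lsa-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
& reg.exe export $regPath $backupFile /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $backupFile)) {
    throw 'Registry export failed; no changes were made.'
}

# 2. Record the current state of the value ($null if it does not exist yet).
$before = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName

# 3. Create or overwrite the DWORD with value 1.
New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null

# 4. Read the value back and report, so the change can be logged per machine.
$after = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
if ($after -ne 1) { throw "Verification failed: $valueName is '$after', expected 1." }

[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    Value      = $valueName
    Before     = $before
    After      = $after
    BackupFile = $backupFile
}
```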

 
