We are usign iOS policy for connection to our wi-fi using 802.1x - certificates are pulled from Cloud Extenders from AD.
Everything was peachy until recently. Now users go to connect and they are presented with the RADIUS server's cert, they click to trust, and then they cannot join. The logs on the NPS server look fine. If they try to connect again, they are presented with the RADIUS cert again to trust. Nothing has changed and our side and other, non iOS devices are connecting fine. Wondering if anyone else is having this issue.

------------------------------
Lisa Busby
------------------------------

Hi Lisa
I'm not aware of a generalised issue here so am guessing it is specific to your environment. 
There is a quick test you can do here to ensure the certs are being retrieved by Cloud Extender. 
On the Cloud Extender server, open a browser page and type in this URL: http://localhost/certsrv/mscep_admin/ 
This should give confirmation that the cert templates are being retrieved from Active Directory. 
There are a number of other potential causes of this including Cloud Extender not working, Cisco ISE problems etc. 
If this doesn't work I suggest you raise a ticket to support with the maximum amount of information possible, including Cloud Extender logs. 
https://www.ibm.com/docs/en/maas360?topic=module-troubleshooting-issues-certificate-integration
Best regards

------------------------------
Eamonn O'Mahony
Technical Client Success Manager
IBM Security
Dublin, Ireland
------------------------------

Original Message:
Sent: Thu October 27, 2022 04:52 PM
From: Lisa Busby
Subject: Anyone having issues recently when connecting to 802.1x wireless?

We are usign iOS policy for connection to our wi-fi using 802.1x - certificates are pulled from Cloud Extenders from AD.
Everything was peachy until recently. Now users go to connect and they are presented with the RADIUS server's cert, they click to trust, and then they cannot join. The logs on the NPS server look fine. If they try to connect again, they are presented with the RADIUS cert again to trust. Nothing has changed and our side and other, non iOS devices are connecting fine. Wondering if anyone else is having this issue.

------------------------------
Lisa Busby
------------------------------

Just a note that this is not us. This is something with MaaS360. I removed MaaS360 from the iPad and manually imported the certificates and I was able to connect fine. The problem comes back once I put the device back into MaaS360. 

------------------------------
Lisa Busby
------------------------------

Original Message:
Sent: Fri October 28, 2022 04:10 AM
From: Eamonn O'Mahony
Subject: Anyone having issues recently when connecting to 802.1x wireless?

Hi Lisa
I'm not aware of a generalised issue here so am guessing it is specific to your environment. 
There is a quick test you can do here to ensure the certs are being retrieved by Cloud Extender. 
On the Cloud Extender server, open a browser page and type in this URL: http://localhost/certsrv/mscep_admin/ 
This should give confirmation that the cert templates are being retrieved from Active Directory. 
There are a number of other potential causes of this including Cloud Extender not working, Cisco ISE problems etc. 
If this doesn't work I suggest you raise a ticket to support with the maximum amount of information possible, including Cloud Extender logs. 
https://www.ibm.com/docs/en/maas360?topic=module-troubleshooting-issues-certificate-integration
Best regards

------------------------------
Eamonn O'Mahony
Technical Client Success Manager
IBM Security
Dublin, Ireland

Original Message:
Sent: Thu October 27, 2022 04:52 PM
From: Lisa Busby
Subject: Anyone having issues recently when connecting to 802.1x wireless?

We are usign iOS policy for connection to our wi-fi using 802.1x - certificates are pulled from Cloud Extenders from AD.
Everything was peachy until recently. Now users go to connect and they are presented with the RADIUS server's cert, they click to trust, and then they cannot join. The logs on the NPS server look fine. If they try to connect again, they are presented with the RADIUS cert again to trust. Nothing has changed and our side and other, non iOS devices are connecting fine. Wondering if anyone else is having this issue.

------------------------------
Lisa Busby
------------------------------