Hi Guys,
I have been trying to configure AnyConnect dual authentication factor with SCEP auto-enrollment. I was successful in configuring everything, including the LDAP-Map group redirection with both group-policies using simultaneous login 0 and the mapped with 3 simultaneous logins. Everything works fine except the certificate authentication.
I can make the machine and other devices enroll correctly with the CA, but when it tries to authenticate it fails and the enrollment process happens again.
I did some research and found out about the EKU bug with Cisco, but even matching the fields of EK and EKU the AnyConnect client cannot match the certificate and the enrollment process loops itself forever. Last night it did the process 8 times until I stopped it manually and revoked the certificates.
For some reason the certificate is not matched and I can't figure out why. This is something I've been trying to understand since the beginning of this lab and I can't. It does not seem to work properly. Can anyone help me figure out why this is happening?