Preface – We have deployed CISCO ISE (Radius services) in the Irving Campus (Texas). CISCO ISE is configured to pre-authenticate devices using 802.1x prior to getting on the wired network. The client device requirements before getting access on the network is 1. Must be joined to ISC domain, 2. Must have a machine cert trusted by ISE 3. Must be configured to use 802.1x per CISCOs specification (basically authentication configuration on the NIC).
Issue– Since deploying ISE last October, we have random users getting disconnected from the network each day averaging about 5-10 users at one point. It is very random, the clients somehow loses network connectivity and is unable to re-authenticate with the Radius server.
Troubleshooting– after months of troubleshooting with Cisco and Microsoft, Microsoft recently found in network traces that the EAP request/response from Radius were getting blocked by the DOT3SVC service. DOT3SVC is the service called “Wired Autoconfiguration” on Windows machine. This service is responsible for 802.1x authentication. Microsoft has indicated that this service can be impacted by a filter driver commonly used with Anti Virus software. SEP Network Threat Protection is running on all client machines.
Symantec Assistance– Please help us with troubleshooting the Symantec portion of this overall issue. We need help in analyzing the Symantec Network protection logs as it pertains to EAP (802.1x) communication, we need suggestions from Symantec to help capture if Symantec is playing a role in this interruption or not, and also need to see if Symantec has any issues like this in the past that they can share their experience and resolution when deploying SEP with Radius server.
