I'm having a hell of a time getting EAP-TLS working with a Microsoft CA issuing the Certs. I have PAEP working with no problems in the same environment (laptop WinXP, switch port Cisco Cat 4003, Cisco ACS Server 3.2.3 and username Win2003 AD). I'm thinking that it has to do with how the CA server is issuing the User Cert and what AD is looking from the Cert to authenticate it with a user. What I see from my client when trying to use EAP-TLS is "Attempting to authenticate" it never fails or passes. I never see anything in the ACS logs that says Pass or Fail. Anyone else have this problem? I'm sure that I'm missing some very simple step or check box somewhere but it's driving me crazy and I help some help. BTW, I have tried Cisco Test Certs from the following URL and wouldn't you know it works so I know the environment if correct, like I said I like it is the Cert but not sure how to fix it. [URL]http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns314/networking_solutions_white_paper09186a008009256b.shtml#wp39021[/URL]