Hello, although not strictly an ISE issue, a customer has changed the UPN for a few Active Directory users.
For example,
FROM- FirstnameLastName@customer.com TO - Firstname.LastName@customer.com.
This is not being reflect in the new certificate which is being pulled down. It still remains as the old UPN.
Thus, when ISE Authenticates the user it works, but when authorising the user it fails. This is because it cannot find the user without the [.] in the identity (the new identity includes .)
Tried gpupdate/force, deleting and manually requesting new cert. Even on a fresh PC the same old identity is in the certificate.
Also tried, changing all of the fields (UPN and SAM account name) and all AD attributes pertaining to old name without said [.].
Any ideas?