yesterday
Not exactly the same but similar enough. I ran into the same error when using 802.1x EAP-TLS with an Intune Cloud PKI issued user (not device) certificate. My error below:

Failure/ Rejection info:
Reason: There was an internal server error occurred in authentication flow.
Suggested action: Please verify configurations and retry. We are taking a look. Please report if this issue is not fixed.

In my case, the Subject Common Name of the certificate was using the email address of the Entra ID user and Access Manager was set to use Subject Common Name as the user identity attribute.

After verifying my Access Manager and endpoint configuration against the documentation:

- Access Manager Certificate Based Authentication - EAP-TLS with Entra ID Lookup - Cisco Meraki Documentation
- Access Manager - EAP-TLS Client Configuration (Windows, macOS and iOS) - Cisco Meraki Documentation

I could not determine the cause of the error.

I raised a support case and the engineer suggested that because the Access Manager user identity is an email address which is also used by a Meraki Dashboard SAML administrator, that there is a potential issue/conflict here, wording from support below:

"I have analysed backend logs from this organization and could not see any issues or errors being reported about the Access Manager process. However, the account that is used to authenticate, is also a SAML administrator in Dashboard. Since SAML administrator account email cannot be used for a Client VPN or Meraki Cloud Authentication (RADIUS) user accounts, we might be running into the same issue here."

I was able to resolve this in my case by changing the Subject Common Name on my user certificate to OnPremisesSamAccountName, authentications with this configuration are working as expected.

As this was only a PoC/testing for me, I have not tested my original configuration (Subject Common Name using Entra ID user's email address) with a user who is not a Meraki Dashboard SAML admin.
Mar 21 2023
1:38 PM
Hi @NetworkDemon I sent you a link via Postal.io to confirm your mailing address and claim your prize. It looks like that link has since expired. I'll connect with you via DM to get your information and resend it!