mutual authentication failed in the emv card.

Similar Questions

• Mutual authentication failed. The server password is obsolete on the domain controller.

  Hello
  I have configured the application WebDev and it mapped as network location.
  But while accessing it, I got following error: "the location is not available. Mutual authentication failed. The server password is obsolete on the domain controller. »
  Can someone help me solve this problem?

  Hi chahima,

  The question you posted would be better suited to Windows 7 IT pro community.
  http://social.technet.Microsoft.com/forums/en-us/w7itpronetworking/threads

• Authentication failed because the third remote has closed the transport stream

  I am trying to download a zip since an external public server example: https://xyz.com/abc.zip using the webclient.downloadfile () method in an application console, but I end up getting the error below

  "The underlying connection was closed: an unexpected error occurred on a send" and

  "Authentication failed because the third remote has closed the transport stream.

  I tried several solution, but nothing helped. I have no control over the external server. When I manually navigate the link on my browser, I get that download the file, namely the external server is fine and the problem is downloading from the code.

  I tried to put

  System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls | System.Net.SecurityProtocolType.Ssl3; but it does not work.

  Please suggest

  Hi Anil,

  Thanks for posting your query in Microsoft Community.

  Your question is beyond the scope of what is generally answered in this forum of consumer and would be better suited for the IT Pro TechNet public.

  Please post your question in the TechNet Forums.

• I received a notice that my auto renew failed because the credit card could not be processed.  I've updated the information, now how to make certain that my fee was properly paid?

  I received a notice that my auto renew failed because the credit card could not be processed.  I've updated the information, now how to make certain that my fee was properly paid?

  HI nocaldavid,

  If you're referring to your ExportPDF subscription, I can confirm that it has renewed successfully. The next in your account billing date is November 27, 2015, and the account is active.

  You can find a receipt for your payment by following the instructions in this document: manage your membership and your payment. Creative cloud. Look in the section payment & credit card.

  Best,

  Sara

• Using PEAP get "authentication failed" in the event log

  I'm trying to set up a server RADIUS and PEAP on a CISCO ARI-AP1242AG-A-K9 and I get an authentication failure message in the event log.

  First of all, I see 10.209.128.61:1645, 1646 RADIUS server does not respond.

  Then I see 10.209.128.61:1645, 1646 RADIUS server is back.

  Then, I get the message "failure of authentication station.

  The association tab shows the status of the client as 'treatment of the association.

  Customers are a Flint MX-560 and a windows XP SP2 laptop HP with a intel PRO/Wireless 3945ABG Network card internal.

  I was able to get the Flint to work using JUMP, but no luck at all either with the PEAP Protocol.

  Can someone help me?

  Thank you!

  PEAP allows to authenticate wireless users without requiring that they have USER certificates, but we still need a ROOT certificate.

  Here are some more specific details on PEAP:

  ... 'the protected '.

  Extensible Authentication Protocol (PEAP) Version 2, which provides

  a tunnel encrypted and authenticated, based on the transport layer

  Security (TLS) that encapsulates the EAP authentication mechanisms.

  PEAPv2 uses TLS security to protect against rogue authenticators, to protect

  against various attacks on confidentiality and the integrity of the method internal EAP Exchange and provide the EAP peer for the protection of privacy. »

  "In negotiating TLS, the server presents a certificate of.

  the peer. The peer MUST verify the validity of the EAP server

  certificate and SHOULD also consider the name of the EAP server presented in

  the certificate to determine if the EAP server can be

  of trust. »

  http://Tools.ietf.org/ID/draft-josefsson-PPPEXT-EAP-TLS-EAP-10.txt

  •PEAP uses the side authentication server of digital certification PKI public key Infrastructure-based.

  •PEAP uses TLS to encrypt all sensitive user authentication information.

  http://www.Cisco.com/en/us/docs/wireless/technology/PEAP/technical/reference/PEAP_D.html#wp998638

• MAB authentication fails on the port of multi-domain: dead result of authentication "server."

  Hi all

  First of all, I have no experience with the configuration of Cisco switches (about half a year now) but I read loads and loads of documentation.

  I am trying to configure several areas (MDA) authentication on our Cisco switches using mab and spin into something strange. Currently, single mab is asked by my employer.

  Switch = 48-3560G IOS version 12.2 (55) SE1

  RADIUS = Freeradius (version 2.1.10)

  http://www.Cisco.com/en/us/docs/switches/LAN/catalyst3560/software/release/12.2_55_se/configuration/guide/swiosfs.html is my bible

  On port Gi0/29 a Cisco 7961 IP phone is connected and plugged into the phone that a laptop is connected

  The switch configuration:

  AAA new-model
  !
  Group AAA dot1x default authentication RADIUS
  Group AAA authorization network default RADIUS
  AAA accounting delay start
  start-stop radius group AAA accounting dot1x default
  start-stop radius group AAA accounting network default
  !

  interface GigabitEthernet0/29
  235 a description
  switchport access vlan 4
  switchport mode access
  switchport voice vlan 2
  load-interval 30
  bandwidth share SRR-queue 10 10 60 20
  queue-series 2
  priority queue
  action retry authentication event 0 failure allow vlan 7
  action of death event authentication server allow vlan 4
  living action of the server reset the authentication event
  multi-domain of host-mode authentication
  Auto control of the port of authentication
  restrict the authentication violation
  MAB
  Auto qos voip cisco-phone
  spanning tree portfast
  service-policy input AutoQoS-Police-CiscoPhone
  !

  dead-criteria 5 tent 5 times RADIUS server
  RADIUS-server host 10.1.1.24 auth-port 1812 acct-port 1813
  RADIUS server key 7 xxx
  RADIUS vsa server send accounting
  RADIUS vsa server send authentication

  Radius response: (for the full reply see attached RADIUS - response.txt)

  Sending acceptance of access to the port id 98 to 10.1.1.207 1645
  Cisco-AVPair = "Tunnel-Type = VLAN.
  Cisco-AVPair = "Tunnel-Medium-Type = 802.
  Cisco-AVPair = "Tunnel-private-Group-ID = 7.
  Cisco-AVPair = "Tunnel-preference.

  That's why access accept with assignment data VLAN

  Debugging on the switch :

  001776: * Mar 1 09:27:35.606: mab-ev(Gi0/29): context MAB received create from AuthMgr
  001777: * Mar 1 09:27:35.606: mab-ev(Gi0/29): MAB authorizing MACAddress
  001778: * Mar 1 09:27:35.606: mab-ev(Gi0/29): client context created MAB 0x2200000F
  001779: * 09:27:35.606 Mar 1: mab: State has original mab_initialize enter
  001780: * Mar 1 09:27:35.606: mab-ev(Gi0/29): sent to create a new context of EAP of MAB to 0x2200000F (MACAddress) event
  001781: * Mar 1 10:27:35.606 THIS: % AUTHMGR-5-START: start "mab" for the customer (MACAddress) on the Interface Gi0/29 AuditSessionID 0A0101CF0000007F0207A4AC
  001782: * Mar 1 09:27:35.606: mab-sm(Gi0/29): the event received 'MAB_CONTINUE' on the 0x2200000F handle
  001783: * 09:27:35.606 Mar 1: mab: during the mab_initialize State, had 1 (mabContinue) event
  001784: * 09:27:35.606 Mar 1: @ mab: mab_initialize-> mab_authorizing
  001785: * Mar 1 09:27:35.606: mab-ev(Gi0/29): MAC-AUTH-BYPASS boot for 0x2200000F (MACAddress)
  001786: * Mar 1 09:27:35.614: mab-ev(Gi0/29): MAB received a Reject Access for 0x2200000F (MACAddress)
  001787: * Mar 1 10:27:35.622 THIS: % MAB-5-FAIL: failure of authentication for the client (MACAddress) on the Interface Gi0/29 AuditSessionID 0A0101CF0000007F0207A4AC
  001788: * Mar 1 09:27:35.622: mab-sm(Gi0/29): the event received 'MAB_RESULT' on the 0x2200000F handle
  001789: * 09:27:35.622 Mar 1: mab: during the mab_authorizing State, had 5 (mabResult) event
  001790: * 09:27:35.622 Mar 1: @ mab: mab_authorizing-> mab_terminate
  001791: * Mar 1 09:27:35.622: mab-ev(Gi0/29): removed the credentials of 0x2200000F (dot1x_mac_auth_MACAddress) profile
  001792: * Mar 1 09:27:35.622: mab-ev(Gi0/29): AuthMGR for MACAddress sending event (2)
  001793: * Mar 1 10:27:35.622 THIS: % AUTHMGR-7-RESULT: result "dead server" authentication "mab" for the customer (MACAddress) on the Interface Gi0/29 AuditSessionID 0A0101CF0000007F0207A4AC
  001794: * Mar 1 10:27:35.622 THIS: % AUTHMGR-5-VLANASSIGN: VLAN 4 assigned to Interface Gi0/29 AuditSessionID 0A0101CF0000007F0207A4AC
  001795: * Mar 1 10:27:36.512 THIS: % AUTHMGR-5-SUCCESS: authorization succeeded for client (MACAddress) on the Interface Gi0/29 AuditSessionID 0A0101CF0000007F0207A4AC

  So RADIUS returns an Access_Accept and the switch treats it as a rejection of access and little esteem RADIUS as dead.

  Help would be appreciated!

  Chris

  Hi Chris,

  In response to your last post, assignment of vlan dynamic could be achieved with the help of the IETF RADIUS attributes according to the link:
  http://Tools.Cisco.com/Squish/d1791

  or using the pair of cisco-av according to the link:
  http://Tools.Cisco.com/Squish/8Bd61

  As for free using the Radius and cisco-av pairs. Please can you activate debug on switch output and reproduce the problem with the attempt to authentiation of customer:
  Debug RADIUS
  Debug authentication of all the
  debug functionality of authentication all

  As a result the customer authentication event, also benefit from the following switch:
  display the interface authentication sessions

  I met problems with respect to the case of the pair of cisco-av. assignment of vlan for example work using the sensitive tiny "tunnel-private-group-id (# 81) = vlanid ' instead of ' tunnel-private-group-ID (# 81) = vlanid.

  When testing with the 'tunnel-private-group-ID(#81) = vlanid', I get an error:

  RADIUS/DECODE: parse cisco unknown vsa 'tunnel-private-group-ID' - FAIL

  So the 2nd link, with the changes:
  Cisco-avpair = "tunnel-type(#64) = VLAN (13).
  Cisco-avpair = "tunnel-medium-type(#65) = 802 media (6).
  Cisco-avpair = "tunnel-private-group-id(#81) = vlanid.

  If you still have a question, please include the output of debug/display above which will shed light on the problem.

  Thank you
  Alex

• Authentication failed in the content viewer

  I have a client who cannot log in to the display of the content with its Adobe I.D. so he can't see the project that I have developed for him. When you connect, it gets the message "Authentication failed" dreaded. He used the viewer of content in the past without problem, can connect to Adobe.com, is connected to the Internet, and his account is verified. I even changed his account email address so it would be re - check, but nothing helped. I know that this subject has been discussed here with varying results, but nothing has solved the problem. I tried his account information on my iPad with the same results, but my account works fine. I chatted online and on the phone with technical support, but it was absolutely worthless. He tried not to make a new account, but really, that is not acceptable and does not bode well for a lot of confidence in the product. Thank you.

  Bil

  There is a known problem affecting some customers. Can you send me a private message with the Adobe ID of the person having this problem and I will have a product support person to investigate and solve the problem (there is no they can do I can't for this problem)

  Neil

• authentication fail to the auxiliary database

  Hi all
  
  I try to configure dataguard with rman version oracle 11 g 2 on linux 5.5
  
  When you plug it into the aux it fails with the following error:
  
  RMAN > Connect auxiliary sys/oracle@stdorcl
  
  RMAN-00571: ===========================================================
  RMAN-00569: = ERROR MESSAGE STACK FOLLOWS =.
  RMAN-00571: ===========================================================
  RMAN-04006: auxiliary database error: ORA-01031: insufficient privileges
  
  
  I copied the password of the primary file and rename the instance name ensures. and when I tried with sql to connect.
  
  
  Listener and AMT also works very well:
  
  [oracle@localhost ~] $ lsnrctl status | grep stdorcl
  Service 'stdorcl' has 1 instance (s).
  "Stdorcl", the BLOCKED status, has 1 operation for this service...
  Service 'stdorcl.taurus.com' has 1 instance (s).
  Instance of 'stdorcl.taurus.com', status UNKNOWN, has 1 operation for this service...
  [oracle@localhost ~] $ tnsping stdorcl
  
  AMT Ping utility for Linux: Version 11.2.0.1.0 - Production on November 20, 2012 20:23:33
  
  Copyright (c) 1997, 2009, Oracle. All rights reserved.
  
  Use settings files:
  
  
  TNSNAMES adapter used to resolve the alias
  Try to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost.localdomain) (PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = stdorcl.taurus.com)))
  OK (0 msec)
  [oracle@localhost ~] $
  
  
  [oracle@localhost ~] $ sqlplus sys as sysdba@stdorcl
  
  SQL * more: Production release 11.2.0.1.0 on Tue Nov 20 20:19:28 2012
  
  Copyright (c) 1982, 2009, Oracle. All rights reserved.
  
  Enter the password:
  
  Connected to:
  Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
  With partitioning, OLAP, Data Mining and Real Application Testing options
  
  SQL >
  
  
  
  don't know what's wrong.
  
  Thank you.
  
  Published by: 899329 on November 20, 2012 06:54

  Hello

  [oracle@localhost ~]$ lsnrctl status |grep stdorcl
  Service "stdorcl" has 1 instance(s).
  Instance "stdorcl", status BLOCKED, has 1 handler(s) for this service...
  Service "stdorcl.taurus.com" has 1 instance(s).
  Instance "stdorcl.taurus.com", status UNKNOWN, has 1 handler(s) for this service...
  

  What is the reason why your service is 'blocked '?
  Please re - check the listener configuration and details of initialization parameter (re - check all the steps once more)

  -Pavan Kumar N

• IOM Login authentication fails when the IOM API call

  Hello
  
  We have a small custom application written to make the update of some attributes of the user on OIM. This app works great on the development system, as well as the test system. However, when you run the program on the live system, it generates the error below. Please note that we use the IOM 11.1.1.5, test and production are under linux, while the development system is running windows 7. The test system is a single instance, while IOM in a production environment is clustered. Quick response will be very useful.
  
  We checked the path provided for authwl.conf and that's okay. Here is the thrown error:
  
  oracle.iam.platform.utils.NoSuchServiceException: java.lang.reflect.InvocationTargetException
  at oracle.iam.platform.OIMClient.getServiceDelegate(OIMClient.java:197)
  at oracle.iam.platform.OIMClient.getService(OIMClient.java:174)
  at oracle.iam.platform.OIMClient.loginSessionCreated(OIMClient.java:209)
  at oracle.iam.platform.OIMClient.login(OIMClient.java:136)
  at oracle.iam.platform.OIMClient.login(OIMClient.java:129)
  at com.infotech.tra.organization.RoleAssignment.updateUserAttributes(RoleAssignment.java:274)
  at com.infotech.tra.organization.RoleAssignment.main(RoleAssignment.java:73)
  at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:56)
  Caused by: java.lang.reflect.InvocationTargetException
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0 (Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
  at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
  at oracle.iam.platform.OIMClient.getServiceDelegate(OIMClient.java:193)
  ... 11 more
  Caused by: oracle.iam.platform.utils.NoSuchServiceException: javax.naming.AuthenticationException [Root exception is java.lang.SecurityException: user: weblogic, could not be authenticated.]
  to oracle.iam.platformservice.api.ClientLoginSessionServiceDelegate. < init >(Unknown Source)
  ... 16 more
  Related: javax.naming.AuthenticationException [Root exception is java.lang.SecurityException: user: weblogic, could not be authenticated.]
  at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:42)
  at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:788)
  at weblogic.jndi.WLInitialContextFactoryDelegate.pushSubject(WLInitialContextFactoryDelegate.java:682)
  at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:469)
  at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:376)
  at weblogic.jndi.Environment.getContext(Environment.java:315)
  at weblogic.jndi.Environment.getContext(Environment.java:285)
  at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
  at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
  at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
  at javax.naming.InitialContext.init(InitialContext.java:223)
  to javax.naming.InitialContext. < init > (InitialContext.java:197)
  at org.springframework.jndi.JndiTemplate.createInitialContext(JndiTemplate.java:114)
  at org.springframework.jndi.JndiTemplate.execute(JndiTemplate.java:86)
  at org.springframework.jndi.JndiTemplate.lookup(JndiTemplate.java:130)
  at org.springframework.jndi.JndiTemplate.lookup(JndiTemplate.java:155)
  ... more than 17
  Caused by: java.lang.SecurityException: user: weblogic, could not be authenticated.
  at weblogic.common.internal.RMIBootServiceImpl.authenticate(RMIBootServiceImpl.java:116)
  at weblogic.common.internal.RMIBootServiceImpl_WLSkel.invoke (unknown Source)
  at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:667)
  to weblogic.rmi.internal.BasicServerRef$ 1.run(BasicServerRef.java:522)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
  at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:518)
  at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

  There was incorrect values in the jndi.properties file causing problems. After the correction of the connection of IOM file worked properly.

• Exception BAM-00404, authentication failed. The user is marked inactive

  Hi guys,.
  
  Recently, I had import users from the Active Directory (AD) in Weblogic. He has completed successfully. But, my BAM users, have been disabled automatically. After reading this forum and documentation of BAM and remove these users from the administrator of BAM, it was great! My users have reactivated, BUT after a few minutes of this (even if I was on an active session) my users have been disabled! I know there is a problem between BAM and LDAP, but I don't know, the problem is in BAM, because other apps, working properly, even using the same user I always use in BAM.
  
  Can someone help me, please?
  
  Kind regards
  
  Imene

  BAM done periodically a list of choices for the user using / API user role and is not found in the security provider that JPS/OPSS investigates. What version do you use?
  You should not see this problem in 11.1.1.2.0 version. Move AD security provider to the top in the list of the auth provider in WLS console. Or you can disable this periodic check in 11.1.1.2.0 version affecting false in the BAM configuration file server.

• Authentication failed due to the error System.

  After spending my fundamental problem with Burrito and 0.9.3 I advanced and made the PlayBook in 90-minute tutorial.

  When running in mode 'on the desktop", the app works great and works.

  When I change mode "On Device" and that the running virtual machine Simulator, then I get the following error:

  Error occurred during the launch of the application installed on the device:
  Error: Authentication failed because the system error...

  I tried to run it without the Simulator VM has started and got the error could not find the device.  I also double checked the password, even if the VM simulator gave me a few problems when I changed passwords.

  Anyone who encountered this problem?

  On a side not, the .bar file was created for the application in the bin-debug folder.

  Hey, Logan,

  sounds like your conditioner ran finding, but when it came to deploy you stumbled upon an error. the only thing that comes to mind (as you already double check passwords) is either a firewall issue, you can check by turning off your firewall temporarily, or maybe your Simulator is not up-to-date (separate in the SDK installation). The latest version is the 0.9.3. Good luck!

• Authentication Failed: the Proxy to fail

  What's the matter, authentication fails and the message is this:

  Authentication Failed: the Proxy to fail

  Thank you

  Go to network settings > under 'Groups of network devices' click "(non attribué)" "

  Under servers "(Not Assigned) AAA", note the name of the IP address of your machine, which can be confirmed from the DOS command prompt "

  using the command "ipconfig/all".

  Then, return to the Network Configuration > under "Distribution of Proxy table", click on "(default)".

  And make sure you name server entry AAA for your machine is in the column 'Forward To '. If it isn't, then move your entry of the column machines and ensure that all other entry is under "AAA servers. Press 'submit + Restart.

  Finally, try authenticate a client bit against this ACS server.

  Kind regards

  Prem

• SSL mutual authentication using the Oracle stored procedure

  Hello
  
  DB version:
  Oracle Database 11 g Enterprise Edition Release 11.2.0.1.0 - 64 bit Production
  
  Is possible to perform mutual authentication SSL uses the Oracle stored procedure?
  I read articles and forums saying that it is not a good approach to call the Web service using the Oracle procedure (and I don't know if it's even possible authentication using procs). But I would like to know if it's possible and how.
  
  In other is words there a way to incorporate the client certificate information into a procedure that calls a Web service.
  
  I read the articles to do it in JAVA or .net. But please advice how we can achieve using Oracle procedures.
  
  Thank you.

  934451 wrote:

  Is possible to perform mutual authentication SSL uses the Oracle stored procedure?

  To learn more. SSL what for?

  Oracle PL/SQL only supports client standard TCP sockets. However, interface for HTTP, Oracle PL/SQL also supports HTTPS - which requires the certificates of authentication of the server to be stored in a portfolio of Oracle web and used during the transmission via HTTPS. See the code example {message identifier: = 1925297} for more details.

  I read articles and forums saying that it is not a good approach to call the Web service using the Oracle procedure (and I don't know if it's even possible authentication using procs).

  Forums and articles written by idiots. For idiots.

  And no, I'm not to embellish my response to this pitch that you met. It is false. It is written by ignorant people who don't know ANYTHING about the use of Oracle and PL/SQL. And feel free to forward my response to these idiots. They find me here if they want to argue...

  As an example of how to call a web service, see {message identifier: = 10158148} and {message: id = 10448611}.

• wireless authentication failed because of timeout on new router

  Wi Fi nightmare!

  We bought a new router as we couldn't find MSI we bought the ASUS!

  ASUS WL-520GC router =>

  Wireless authentication failed because the timeout. Layer 2 security key exchange did not generate multicast keys before timeout. I have a Windows vista with the latest Service Pack installed on an Aspire 7520-5115. What I'm doing wrong (I'm a semi ILLITERATE computer!)?

  We bought a new router as we couldn't find MSI we bought the ASUS!

  ASUS WL-520GC router =>

  Wireless authentication failed because the timeout. Layer 2 security key exchange did not generate multicast keys before timeout. I have a Windows vista with the latest Service Pack installed on an Aspire 7520-5115. What I'm doing wrong (I'm a semi ILLITERATE computer!)?

  Help you contact your ISP or ASUS. This isn't a problem of Microsoft.

• ISE Voip phones: authentication failed against AD

  the message is

  2064 authentication method is not supported by any point of sale there is identity: authentication failed

  the user is present on the AD and test user to ise is ok

  the rule for check in AD authentication is created

  servers of strategy are fulfilled and in green

  If I create an internal user (just to test) authentication is ok

  my sequence of authentication is:

  MAB

  mab_ad

  dot1x

  dot1x_ad

  These phones use eap - md5

  I guess there is something to check in AD, can someone help me solve this problem?

  I don't think that Active directory supports EAP - Md5.

  I will recommend rather to use EAP - TLS. Most of the Cisco IP phones have certificates built-in MIC, which really helps to deploy EAP - TLS