Unable to Provision after Applying Microsoft* Security Update KB5008102

The change to how SCS creates the AD computer objects only seems to impact customers who select the option (screen-shot directly below) for Cisco* ISE to authenticate against Any Subject or Alternative Name Attributes in the Certificate (for Active Directory Only).

Which results in an error similar to this

Or this…

To resolve the ambiguous authentication error, they can either change their ISE Certificate Authentication Profile to use a specific certificate attribute or remove the DNS Host Name (FQDN) and Host Name common names from the 802.1x section in their SCS profile.

1. Change the certificate attribute in Cisco ISE

   

2. Remove the Host name and DNS Hostname from the SCS profile