Hi Ray, Thank you for the response. I think I had it incorrectly configured then, as I put the Certificate Server for the authentication on the sign in page policy. You are saying the sign-in should have the RADIUS server for authentication, correct? I'm trying this and now it is immediately failing authentication. it looks like it's trying to authenticate as host instead of prompting for credentials. At some point I had it configured so it was prompting for credentials, but if it failed (or I hit cancel), then the entire connection failed. I need it to be always connected via machine cert and then have the option of logging on interactively with user credentials, always falling back to the always on mode. I must be missing something somewhere.
... View more