I’ll never understand why anyone would use this encryption who doesn’t work for the government or an armed forces group.

Certificate based authentication can get really tricky.
First check your CRL in zeroshell.
Check your host certificates valid NOT BEFORE:NOT AFTER DATES
Check your dates and times on your test machines PC/Server
Check your certificate stores to verify the certificates are installed in the right places
Check for duplicates certificates with similar names that may cause conflicts
Recreate your vpn connectoid with a different name
Try unchecking simple certificate selection and specify your own during connection start
Try unchecking Validate server certificate to identify if it’s a certificate challenge error

EAP-MD5, LEAP, EAP-TLS, EAP-TTLS, PEAP are only fun to have when they’re working right.

More information is needed to concentrate troubleshooting.