With the root cause of this issue being:
<Data Name="EAPRootCauseString">A certificate could not be found that can be used with this Extensible Authentication Protocol>
My first place is to make sure that the user/device certificate (whichever one you are using) is installed on the machine.
It needs to be in the "Personal" store.
Remove all other certificates here if they are not required.
Ensure the correct internal Root CA certificate is also installed and deployed to the device.
Do you use templates to auto-enroll device/user certificates via an internal CA?
If so, make sure you are only deploying or have certificates for "Auto-Enroll" for the authentication type you need, Device or User.
The Internal RADIUS server will need a specific setting enabled to accept Device authentication, and would fail if the device certificate was offered out upon authentication.
Hope this helps, and gives you a starting point at least!