ISE 1.1.2 failover - Syncronization issue

Hi everone,
Scenário:
I've deployed two Cisco ISE 1.1.2 nodes as follows:
Node 1 as Primrary Admin, Policy Server and Monitoring
Node 2 as Secondary Admin, Policy Server and Monitoring
All configured roles works as expected.
Problem:
Once I promote the Node 2 (Secondary node) to become the Primary the problem takes place as described bellow:
1- The Node 2 restarts the ISE Application and assumes the Primary Admin, Policy Server roles (but Monitoring role remains as Primary)
2- The Node 1 restarts the ISE Application too and Secondary Admin, Policy Server roles (but Monitoring role remains as Secondaary)
After the ISE Application becomes up in both nodes the syncronization status appear as NODE NOT REACHABLE.
Does anyone faced this issue before, or have any idea about it?
Thanks in advance.

I may have misunderstood your problem, but.... for your first problem, are you expecting the Monitor node status to change when you promote node 2? You're only promoting the admin role, the monitor role will remain unchanged unless you choose to change which is primary monitor node too (totally separate).
2nd problem. Sounds like certificate maybe? What are you using in the way of certs for the nodes to auth each other? Did you swap the self signed certs for instance between nodes? Changed certs recently and not delete old ones? I've seen old certs which seem to have been deleted hang around until a full reload.

Similar Messages

  • ISE and MS Active Directory Integration Issue

    It appears that our ISE 1.2 solution is having issues with nested MS AD Groups. The first login attempt always fails, the second occasionally works and the third always works. Has anyone else experience this login issues with ISE 1.2 and MS AD?
    Sent from Cisco Technical Support iPhone App

    Rick,
    I am a little lost in the screenshots you posted. In your AD groups that you have pulled I dont see an authorization policy mapped to the first group. In the authentication report it looks like authentication is successfull.
    I have seen that ISE will only display a few of the groups now in ISE 1.2 can you build a policy based on the the group you want it to show and then try your authentication again? That is when ISE will show the specific group as opposed to ise pre 1.2 where it would show more groups.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • ISE 1.3 laptop wireless connection issue & apple devices

    hi all,
    i am configuring ISE 1.3 with wireless lan controller 2504 with 7.4.121 version.
    i am using EAP-tls method of authentication . my certificate server everything working fine. i have one issue which is that i am trying to connect from my laptop i am getting the following error
    "The server "ISE.example.local" presented a valid certificate issued by "DC-CA", but "DC-CA" is not configured as a valid trust anchor for this profile. Further, the server "ISE.example.local" is not configured as a valid NPS server to connect to for this profile"
    but still i am able to connect and my profiling is working fine, but other laptops when i try to connect i am not getting any this kind of error . it directly says connection cannot connect.
    is this problem of certificate on the ISE or the laptop issue , the laptops are not in domain.
    even in the apple devices also when we put AD authentication it is accepting after that when we open the browser it is not going to the guest portal it saying some apple captiva portal some thing like that.
    please let me know anybody faced this issue?? what is the cause and solution.

    Dear, Freerk.
    Thank you for your information.
    I'd like to try captive bypass function then look at the traffic flow to understand very well, however, it looks like required reboot the controller.
    ours is not able to do rebooting process so that, only the choice will be I must search testing result by my self... if you have a result from your lab, could you share with me?
    Result message after enable captive bypassing configuration.
    (Cisco Controller) config>network web-auth captive-bypass enable 
    Web-auth support for Captive-Bypass will be enabled.
                                                        You must reset system for this setting to take effect.

  • Inexplainable 2008 Failover Cluster Issues

    Hi,
    We have a 2008 Failover Node & Disk Majority SQL 2005 cluster.
    There are 2 nodes in the cluster with 2008 Ent 64-bit SP2 installed.
    At around 00:20 each morning we see various FailoverClustering errors in the event logs on both servers.
    EventID: 1135, 1069, 1177
    Before the FailoverClustering events are seen, 2 informational events appear regarding the 'Microsoft Failover Clustering Virtual Adapater'
    EventID: 4201 'The system detected that network adapter Local Area Connection* 9 was connected to the network, and has initiated normal operation.'
    This is causing the resources to failover to the secondary node.
    I have run the Cluster Validation Wizard and everything passes. I have disabled the Windows Firewall service on both nodes.
    We are presenting the storage via NetApp and the nodes have 3 nics installed
    NIC1 - Server Vlan - Speed/Duplex Set to 1000Mb Full
    NIC2 - Storage Vlan - Speed/Duplex Set to 1000Mb Full
    NIC3 - Heartbeat - Speed/Duplex Set to 100Mb Full
    Please can anyone help me troubleshoot these issues ?
    Thanks
    Scott

    Hi Scott,
    Event ID 1135 — Cluster Service Startup
    http://technet.microsoft.com/en-us/library/dd353973(WS.10).aspx
    Event ID 1069 — Clustered Service or Application Availability
    http://technet.microsoft.com/en-us/library/dd353893(WS.10).aspx
    Event ID 1177 — Quorum and Connectivity Needed for Quorum
    http://technet.microsoft.com/en-us/library/dd353872(WS.10).aspx
    Event ID 4201 — TCP/IP Network Interface Connectivity
    http://technet.microsoft.com/en-us/library/dd392958(WS.10).aspx
    Hope it helps.
    Tim Quan - MSFT

  • ISE password expiration for Admin account issue

    OK .. we have been working on getting ISE up and running for a little while now and I have come across an odd and reoccurring issue with my admin accounts. I cannot figure out if there is something that we have missed in the setup or if there is and actual issue with the password policies. It seems that there is a "user" type password policy and then there is an "admin" type policy and am trying ti figure out if they are stepping on each other or something. I am running version 1.2.0.899 with patch 5,1.
    Here is the issue. I have started receiving password expiration reminders for the two admin accounts I have setup on the cluster. I have my address setup for an admin user named "admin" and an admin user named "wberry" and I receive two different e-mails for both accounts. The issue that I have is the dates listed in the e-mails. This is one e-mail that I get:
    The password for your local admin "wberry" is expiring on Mon Jun 01 09:43:03 CDT 2015. Please update immediately, by going to https://mem7700.spd.mli.corp/admin, signing-in, and clicking on the user name at the upper right corner.
    This is the second email that I get for the same account:
    Your network access password will expire on Thu Dec 03 08:43:03 CST 2015. Please contact your system administrator for assistance .
    As you can see the dates in the two messages are completely different. My admin policy is set with expired 180 days after creation and last change and the reminder is set to 10 days prior to expiration. The user password policy lifetime is also 365 days if password not changed with the reminder after 355 days. 
    Thoughts / recommendations.
    Brent

    Here you go:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/application_networking_manager/4.1/user/guide/UG_over.html#wp1053919
    In fact, to reset the password, you must choose the change password option before you login the GUI.
    Cheers,
    Dom.

  • Windows 2008 R2 Failover Clustering Issue - The operation returned because the timeout period expired.

    I am trying to get a new Windows 2008 R2 cluster to work on two VMware servers (VMware ESXi 5.0.3) and am experiencing some form of timeout issue during the creation of the cluster according to the logs.
    All validation checks pass successfully, whether trying to create a single node or dual node cluster, but the same error message is seen when creating the cluster. I have tried various suggestions found but none of them have made a difference. In an effort
    to further diagnose the issue I enabled the following diagnostic logs:
     - FailoverClustering
     - FailoverClustering-Manager
     - FailoverClustering-Client
    The only useful error I can find is in the FailoverClustering-Client log which reports an error 'Couldn't resolve tcp binding to cluster' for each physical node to be part of the cluster.
    In order to further diagnose the cause of the issue, I am looking for any options for increasing logging when attempting to create the cluster. Is there a way to increase the logging to see what the actual timeout is occurring with?
    Alex.

    Sorry, I should have been more clear ...The servers I am attempting to create a cluster with are Virtual Servers running on a VMware ESXi (5.0.3). They have access to two shared disks (connected to each VM using a separate SCSI Controller from that for the
    disk used to install the OS) with Virtual SCSI Bus Sharing set within VMware.
    Each Virtual Server has two NICs configured (with static IPs) - one for internal (domain connectivity) and the other for heartbeat connectivity. The servers can ping each other via both interfaces, as expected, but only domain connectivity works via the
    internal NIC.
    I have tried creating a single node or dual node cluster and get the same error each time. When the cluster is attempting to be created I can see the new computer object is created in Active Directory (which is then deleted when the cluster creation fails)
    and I have also tried pre-creating the computer object and specifically setting permissions on it.
    When creating the cluster I have tried via the GUI and via PowerShell (both with and without the option to attach the shared storage) but always get the same type of timeout error message. I am hoping there are further debugging options that can be used
    to provide a better output as to what the timeout is occurring with.

  • ISE additional spacing and temperamental colur issues w/ function

    Hi All,
    We've got some weird DNS issues where our DNS server doesn't seem to hold the latest addresses for our machines as provided by our DHCP server.
    This is causing me a bit of a headache when trying to administer these machines remotely as I have to double check that the hostname points to the correct IP as otherwise I'll be making changes to a completely different machine than intended.
    I thought a quick win would be a little PowerShell script. It seems to return the results as I'd expect, but there seem to be some inconsistencies with spacing when the script terminates, and issues with the colours that I've applied to some of the write-host
    outputs.
    Weirdly, the colour output of the write-host doesn't appear to be an issue if I pass the Hostname parameter whilst calling the function. Only seems to be when I prompt the user by the Read-Host.
    The idea is:
    1) Get the IP of a given hostname
    2) Get the hostname of that given IP (to check that this matches the original hostname)
    3) Act accordingly with the results of the above
    I've tweaked the code so you can run with 'test' as the hostname
    Running w/ PowerShell 4.
    Set-PSDebug -Strict
    Set-StrictMode -Version Latest
    Clear-Host
    Function Test-DNS
    [CmdletBinding()]
    Param
    # Allow the user to specify the FQDN if it hasn't already been supplied
    $Hostname = (Read-Host "Please specify Hostname"),
    # Allow passing of the domain name.
    $Domain = 'test.co.uk'
    # Clear the screen after the read-host input
    Clear-Host
    # Throw an error if the hostname is not defined
    if(!($Hostname))
    Write-Host 'You have not specified a hostname. This script will now terminate.'
    Write-Host ''
    Break
    # Define variables and assign null values
    $IP_Response = @()
    $IP_Count = $null
    $Reverse_Lookup = $null
    $Full_DNS_Name = $null
    # Create the FQDN for a given hostname (if not already present)
    if($Hostname -like "*$Domain")
    $Full_DNS_Name = ($Hostname)
    else
    $Full_DNS_Name = ($Hostname + '.' + $Domain)
    # Display the hostname
    Write-Host $Hostname
    Write-Host ''
    # Try to grab the IP of a hostname and provide an error if this fails
    Try
    $IP_Response += '10.15.1.124' #([System.Net.Dns]::GetHostAddresses($Hostname) | Where {!($_.IsIPv6LinkLocal)}).IPAddressToString
    $IP_Count = $IP_Response.Count
    Catch [Exception]
    Write-Host 'Error:' $_.Exception.Message -ForegroundColor Red
    Write-Host ''
    Break
    # Check the number of results returned and warn the user if there are more than one
    if($IP_Count -gt 1)
    Write-Host 'WARNING:' $IP_Count 'addresses have been detected for this hostname.' -ForegroundColor Yellow
    Write-Host ''
    # Process each of the IPs that have been returned
    ForEach($IP in $IP_Response)
    Try
    $Reverse_Lookup = 'test' #([System.Net.Dns]::GetHostByAddress($IP).HostName)
    # If the reverse lookup matches the original hostname
    if(($Reverse_Lookup -eq $Hostname) -or ($Reverse_Lookup -eq $Full_DNS_Name))
    Write-Host 'Ping Response: ' $IP
    Write-Host 'Reverse Lookup:' $Reverse_Lookup
    Write-Host ''
    Write-Host 'Success: Reverse DNS lookup was successful.' -ForegroundColor Green
    Write-Host ''
    # If the above is not true
    else
    Write-Host 'Ping Response: ' $IP
    Write-Host 'Reverse Lookup:' $Reverse_Lookup
    Write-Host ''
    Write-Host 'Error: Reverse DNS lookup did not match the provided hostname.' -ForegroundColor Red
    Write-Host ''
    Catch [Exception]
    Write-Host $IP
    Write-Host 'Error:' $_.Exception.Message -ForegroundColor Red
    Write-Host ''
    Test-DNS
    This is what happens after a few runs (usually when I've terminated the script part way through), without passing the Hostname parameter:
    http://s16.postimg.org/sb2lehqdx/Output_1.png
    (It also applies to some of the other write-host outputs), including error messages and the dbg messages that appear when I set breakpoints)
    Now, onto the spacing issue...
    If I continue to refresh the screen or rerun the script, it will sometimes randomly put two blank spaces before terminating. I've only specified one. I can't understand why this happens
    This is how it appears when there are two spaces
    http://s23.postimg.org/bgtg0hx5n/Output_3.png
    I have just noticed that when it does display correctly (1 space), the first two characters of 'Success' are white, while the rest remain green.
    Can anybody shed any light on this? It's driving me round the bend!
    Cheers.

    I've changed the function to instead output a custom PSObject with the results, which are then processed by another script. I believe this is a much better approach and I don't have any issues as of yet with the spaces / colouring.
    For anyone interested, this is the end result:
    Function Test-DNS
    [CmdletBinding()]
    Param
    # Allow the user to specify the FQDN if it hasn't already been supplied
    [Parameter(Mandatory=$true)]
    $Hostname = $null,
    # Allow passing of the domain name.
    $Domain = 'domain.co.uk'
    # Throw an error if the hostname is not defined
    if(!($Hostname))
    Throw 'You must specify a Hostname'
    # Null variables
    $Forward_Host_Address = @()
    $Forward_Host_Address_Count = $null
    $FQDN = $null
    $Reverse_Hostname = $null
    $Result_Output = @()
    $Match = $null
    # Convert the Hostname to upper case and remove the domain from the hostname input (if included)
    $Hostname = $Hostname.ToUpper() -replace ".$Domain"
    # Create a variable for the FQDN of the specified host
    $FQDN = "$Hostname.$Domain"
    # Try to get the IP of the given hostname (forward lookup)
    Try
    $Forward_Host_Address += ([System.Net.Dns]::GetHostEntry($Hostname) | Select -ExpandProperty AddressList | Where {!($_.IsIPv6LinkLocal)}).IPAddressToString
    $Forward_Host_Address_Count = $Forward_Host_Address.Count
    Catch [Exception]
    Throw "A DNS record for $Hostname Could not be found"
    # Try to get the host name of the received IP(s) (reverse lookup)
    ForEach($IP_Response in $Forward_Host_Address)
    Try
    $Reverse_Hostname = ([System.Net.Dns]::GetHostEntry($IP_Response)).HostName
    Catch [Exception]
    Throw $_.Exception.Message
    if(($Reverse_Hostname -eq $Hostname) -or ($Reverse_Hostname -eq $FQDN))
    $Match = $true
    $Result_Output += New-Object PSObject -Property ([ordered]@{
    Hostname = $Hostname
    IP_Response = $IP_Response
    Reverse_Hostname = $Reverse_Hostname
    Match = $Match
    else
    $Match = $false
    $Result_Output += New-Object PSObject -Property ([ordered]@{
    Hostname = $Hostname
    IP_Response = $IP_Response
    Reverse_Hostname = $Reverse_Hostname
    Match = $Match
    Return $Result_Output
    Clear-Host
    Import-Module 'Test-DNS.ps1'
    $Hostname = $null
    $IP_Response = $null
    $Reverse_Hostname = $null
    $Reverse_Match = $null
    $Hostname = Read-Host 'Hostname'
    Write-Output ''
    $DNS_Check = Test-DNS $Hostname
    $IP_Response = $DNS_Check.IP_Response
    $Reverse_Hostname = $DNS_Check.Reverse_Hostname
    $Reverse_Match = $DNS_Check.Match
    Write-Output "Address Response: $IP_Response"
    Write-Output "Reverse Hostname: $Reverse_Hostname"
    Write-Output ''
    if($Reverse_Match)
    Write-Output '[OK] The reverse lookup matched the original request.'
    else
    Write-Output '[ERROR] The reverse lookup did not match the original request.'
    (Powershell 4)

  • OAM failover installation issues

    Hi,
    Our requirement is to install OAM with failover configuration. For that we have setup the Virtual Server Name for Oracle Internet Directory (to store the policy and config data) as oid.mydomain.com. I was able to connect to oid.mydomain.com using a ldap browser. Was successful in installing Identity Server, Web Pass and Policy Manager. But when i was trying to install the Access Manager, it was unable to create a windows service to start/stop/restart the service. Also, when i try to uninstall the access server and delete the Access Server Configuration from the Access system console it shows the following error:
    Error
    The following messages were produced by the product. Please contact your webmaster to fix the problem.
    Searching the directory server failed - DSA is unwilling to perform in LoadDBEntrySetSorted()
    Any idea on this error.
    Thanks in advance.

    Here are the steps I followed. I have one instance of OHS and installed everything except the WebGate on it. I took another box and installed WebGate on it and created a policy. You can even install WebGate on the same machine where you installed all the components and try to protect /access and /identity resources.
    Step 1: Install Oracle HTTP Server
    Step 2: Install Identity Server
    Step 3: Install WebPass
    Step 4: Setting Up Identity System Console
    Step 5: Installing Policy Manager
    Step 6: Configuring Access System Console
    Step 7: Setting Up Access Server
    Step 8: Installing Access Server
    Step 9A: Configuring WebGate
    Step 9B: Installing WebGate
    Step 10-1: Creating Host Identifier
    Step 10-2: Creating Authentication Scheme
    Step 10-3: Creating a Policy Domain
    Step 10-4: Creating Resources For Policy Domain
    Step 10-5: Creating Authorization Rule
    Step 10-6: Creating Default Rules
    Step 10-7: Creating Policies
    Step 10-8 Testing the Policies

  • Failover testing issue

    I was attempting to failover the Central Management database to the mirror server and it failed. The XDS and LIS databases are not on the mirror any more and the recovery model for the active ones is now set to simple. When I attempt to run install-csmirrordatabase
    it fails with a command not found exception.
    install-csmirrordatabase : Command execution failed: not found

    If you back up the database, restore it.
    You can refer to the following link to restore a database backup:
    http://msdn.microsoft.com/en-us/library/ms177429.aspx.
    Lisa Zheng
    TechNet Community Support

  • IPhone 3GS syncronization issues with Vista, Outlook Calendar

    Does anyone know how to get my iPhone 3GS to syncronize with my Outlook Calendar on a Vista PC?  It use to work, but for some reason it stopped syncronizing.

    Try resetting your sync history in itunes and trying again.

  • Issues getting url-redirect working with Cisco ISE

    Hi,
    I am currently doing a Proof of Concept using Cisco's new ISE product. I am having issues getting the url-redirect raidus attribute working. I have read the troubleshooting document and everything in it points to it should be working. By debuging the radius information on the switch I can see that its passing the url-redirect to the switch  which in my case is was https://DEVLABISE01.devlab.local:8443/guestportal/gateway?sessionId=0A00020A0000001604D3F5BE&action=cwa. Now to remove DNS issues etc from the equasion if I copy and paste this URL into the client browser it takes me to the correct place, and I can login and it changes VLAN's accordingly. Now as far as I know the client should automatticaly be redirected to this URL which is not working. Below I have included one of the debugs to show that the epm is in place.
    DEVLABSW01#show epm session ip 10.0.1.104
        Admission feature:  DOT1X
                  ACS ACL:  xACSACLx-IP-PRE-POSTURE-ACL-4de86e6c
         URL Redirect ACL:  ACL-WEBAUTH-REDIRECT
             URL Redirect:  https://DEVLABISE01.devlab.local:8443/guestportal/gateway?sessionId=0A00020A0000001604D3F5BE&action=cwa
    I have also attached my switch config. Any help would be greatly appreciated.
    Dan

    So im also doing ISE for the first time and i knew it may have been a bit tough however i didnt forsee my following issue.
    everything is working as expected other than every now and then (intermittent) the ISE Central Portal does not display on any device -android, windows, etc..... i checked and checked the configs, had probably about 10 TAC cases open..... this weekend i ripped out the main components, setup in the offfice and tried to replicate the issue....i could...what i noticed is that without Internet the ISE Portal didnt actually display....it sounds weird but thats what im seeing.....As soon as i plug into Internet Link into the equation, the portal page comes up.....im able to replicate it every time... Currently, i placed back into the customer network and im now looking down at the routing/firewall......
    my issue is that i cant really explain why the Internet affects the Central Auth Page.... In any event. im working backwards, tomorrow im bringing in a second link and doing NAT on a cisco router to bypass the checkpoint firewall....ill know if its checkpoint or if im barking up the wrong tree....
    if anyone can explain why, it would help out a great deal..
    My setup BTW is
    1. WLC 5760 - Not latest code but latest stable (recommended by the TAC Engineer)
    2. ISE 1.2 - Doing simple Wireless only implementation
    3. 3650 - Just acting like a switch - no ACLs etc - just a switch
    4. Integrated into AD
    Ill post back with any findings if i make any headway - BTW, i didnt like this at all as other solutions are so much simpler, BUT, i can now see how powerful this could potentially be for the right type of customer...
    thanks again how i can get some feedback

  • Cisco ISE Deployment issue

    Hi dears,
    I deployed the ISE primary and secondary mode. Then I did deregister the secondary ISE at Primary ISE. Now i want to register the same second ISE as secondary mode on Primary ISE. but this error occur:
    Unable to register SecondaryISE. Node is not a Standalone node.
    I connect the secondary ISE and see deployement personas
    Administration: Secondary
    Monitoring: Secondary
    Then  I did promote to primary command after that ISE is log out but the problem is not solve.
    version 1.20.8xx of both ISE's
    How i solve this issue?
    Thanks

    try by promoting the secondary ISE which you  have  de-registered to standlone and try registering it on primary now

  • ISE 1.2 - WLC 5508 (7.5x) - Windows 7 802.1X

    Hi ,
    We deployed ISE 1.2 (patch 3) with 5580 WLC to authenticate machines and users using 802.1x .
    We are experiencing a strange issue - randomly some machines authenticate fine over wireless and we are able to see logs on ISE and nexst day the same machine stops authenticating itself and ISE doesnt generate any log.. seems like somehow no request is coming to ISE.
    we have checked all the settings including wireless settings ,services, 802.1x settings on the laptop but struggling to find the a reason why randomly machine would work and then not work.
    whenever a machine works we see all the logs but when a machine doesnt work no log is generated in ise.
    has anyone experienced a similar issue?
    Thanks

    Thanks, we have figured it out.
    Machine Auth timer would expire after 12 hours and ISE had another setting where it would blacklist the client and supress logs for an hour if it sees more then certain amount of failed authentication attempts.
    Thanks

  • Ise 1.2.0.899 CWA Windows AD based

    Hi, I'm running ISE 1.2.0.899 patch 6
    When a use a internal ISE user which in the Identity Group "Onboard". The guest authentication, self registration and profiling are going just great (see picture) . But when I use a AD created user which on AD is in the same "Onboard"  security group, it is authenticated but further than that I got the message" The system admin has either not configured or enabled a policy for your device". Furthermore I can see in the log that the AD user is authenticatd with Identity Group "Any".  I tried several things in the authorization in matching the memberof/ external group based on "Onboard" with or without the guest flow specified.  If I manage to get the device to registered in the Identity Endpoint and I try to match on a AD group I see that is working.
    So to bottom line of this question is; if the BYOD/CYOD is not registered in the ISE ( Identity Endpoint)  which policy rule can I make so it will profile it as a android and put it as a registered device?
    Does anyone know how this can be configured?  Any help is appreciated.
    Thanks in advance,
    Kind regards, 
    Michel

    Hi Neno,
    I was mislead by the d0t1x AuthN in my first statement, if a connection is made on d0t1x with PEAP (mschapv2) then the AuthN check in the identity source sequence (first AD ) if the user exist. This is the case so this connection is allowed by AuthZ rule: BYOD_AD_D0t1x
    1. What do you have configured under: Administration > System > Settings > Profiling > CoA?
    currently it is configured for: "no COA"
    as the cisco documentation said:
    Exemptions for Issuing a Change of Authorization:
    An Endpoint Created through Guest Device Registration flow—When endpoints are created through device registration for the guests. Even though CoA is enabled globally in Cisco ISE, the profiling service does not issue a CoA so that the device registration flow is not affected. In particular, the PortBounce CoA global configuration breaks the flow of the connecting endpoint.

  • ISE 1.2.0.899 Patch 7

    Hey guys I have ISE 1.2.0.899 with patch 7 installed in my environment, also I have a WLC 5508 running version 7.4.121.0. We are authenticating our user with ISE. We are having an issue with our Guest WLAN, after we create an account with the sponsor portal for our guests, they can log in and get to the internet, but after 7 to 10 minutes the guest user is ask to re-authenticate again. I check in the WLC to see if there is any timeout for our Guest WLAN, but there not. At this point we don't know what is causing this problem since it only happens with the Guest WLAN, the other WLAN for Users that authenticate with AD credentials works without any problems. Is anybody experiencing this same issue? 

    Saurav Lodh, I did check the default time profile that is being used the sponsor. I even created a custom time profile to rule out any timeout on the Guest account, but even with the custom profile time the Guest account times out between 7 to 10 minutes and asks to re-authenticate again. I don't know if there is another place to look out for any timeouts, or is it maybe a bug with this version of ISE, but I couldn't find anybody else having this same issue which makes me think that it has to be a setting that is causing this problem.

Maybe you are looking for

  • Calendar in Month view

    When my calendar is in month view, how can I get it to read Sunday-Saturday? Right now it reads Monday-Sunday. On my computer in outlook it reads Sunday-Saturday. PLEASE HELP..

  • Error: The document could not be saved

    Hi I opened one of pdf file from mapped network drive and then make comment in it and  I am unable to save it. I receive the following error " The document could not be saved. Cannot save to this filename. Please save the document with a different na

  • SAP UI5 export to PDF ( Fetch data dynamically )

    Hello Everyone, I am creating a utility wherein the data ( table ) would be fetched from the back end and then it would be displayed on the front end. I have follewed the approach of Chandrashekhar ( Display Smartform (PDF) in SAPUI5   ) but I want t

  • Transfer iCloud data from 4 to 4S

    I'm having trouble with my iCloud data transfer.  I'm trying to send info from my iPhone 4 to my 4S.  Can you make a comprehensible step-by-step set of instructions on how to transfer data from a previous generation to a newer one?

  • I want to learn how to use the existing stationary in Mail and add my own stationary.

    I use the stationary in my Mail program often.  I would like to learn more about using it, changing it, making my own stationary to use in Mail - and also to allow PC users to receive it.