Client provisioning not working on ISE after 1.2 Migration
Working on an initial piloted rollout of ISE with a customer. We initially had a single server set up as a pilot using 1.1.1.4 to pilot things like client supplicant provisioning, and then stood up a new VM as a secondary and upgraded that to 1.2. Today we tested client provisioning that worked fine before, and it is failing for iOS (we haven't gotten to the other OSes yet). What occurs is the user authenticates using PEAP and the client gets the request to install the root certificate. After the client accepts the root certificate, the connection drops. When you click the SSID to start the process again we see the redirect to the mydevices portal, but before you can click to register the client it is redirected to accept the root certificate again, creating an endless loop. Has anyone else run into this bug?
Please update the patch using the below details and try it.
To upload offline client provisioning resources, complete the following steps:
Step 1 Go to the Download Software web page at http://www.cisco.com/cisco/software/navigator.html?a=a&i=rpm. You may need to provide login credentials.
Step 2 Navigate to Products > Security > Access Control and Policy > Cisco Identity Services Engine > Cisco Identity Services Engine Software.
Choose from the following Off-Line Installation Packages available for download:
• win_spw--isebundle.zip — Off-Line SPW Installation Package for Windows
• mac-spw-.zip — Off-Line SPW Installation Package for Mac OS X
• compliancemodule--isebundle.zip — Off-Line Compliance Module Installation Package
• macagent--isebundle.zip — Off-Line Mac Agent Installation Package
• nacagent--isebundle.zip — Off-Line NAC Agent Installation Package
• webagent--isebundle.zip — Off-Line Web Agent Installation Package
Step 3 Click Download or Add to Cart.
Similar Messages
-
Client certificate not working in E51 after FW upd...
In our company we have several E51 phones for using our mobile web services. In some cases we need to use client certificates for maximum security.
The situation is: with older firmware versions (100.x/200.x) the certificate and TLS handshakes are working fine, but after upgrading to the latest version (300.x) the browser starts complaining "The operation cannot be completed" when trying to open the https connection. The problem seems to occur in the handshake phase, so debugging and analyzing the problem is very difficult. It's notable that the certificate itself is valid (working with older fw) and is installed just fine. Some cert details: Type: X.509 Algorithm: SHA1RSA
Normal TLS connections without client certs work. The phones have been formatted and no backups have been restored after formatting, so the problem cannot be about old settings messing up the configuration.
Has anyone else had similar problems and have you been able to solve it somehow?
I am also having this problem where the certificate dialog (Windows Security is usually the title) is never prompted to the user. I tried it on several computers which are all part of the domain. The same computers can also log in on another ADFS, so I have working certificates.
I just get a page where a text says I should select a certificate but I never get the dialog to do so.
Any updates on this issue?
-
[solved] NFS client will not work correctly
I have all my $HOME on an NFS server. Until now I used suse and debian; now I want to switch to arch, but the nfs-client is not working correctly:
I start "portmap nfslock nfsd netfs" over rc.conf. When I do a "rpcinfo -p <ip-arch-system>" I get the following:
stefan:/home/stefan # rpcinfo -p 192.168.123.3
Program Vers Proto Port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100021 1 udp 32768 nlockmgr
100021 3 udp 32768 nlockmgr
100021 4 udp 32768 nlockmgr
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100021 1 tcp 48988 nlockmgr
100021 3 tcp 48988 nlockmgr
100021 4 tcp 48988 nlockmgr
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100005 3 udp 891 mountd
100005 3 tcp 894 mountd
As you see, "status" is missing, so the statd is not running. It should look like the result on my suse box:
stefan:/home/stefan # rpcinfo -p 192.168.123.2
Program Vers Proto Port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32768 status
100021 1 udp 32768 nlockmgr
100021 3 udp 32768 nlockmgr
100021 4 udp 32768 nlockmgr
100024 1 tcp 35804 status
100021 1 tcp 35804 nlockmgr
100021 3 tcp 35804 nlockmgr
100021 4 tcp 35804 nlockmgr
There is the "status" line and so the statd is running.
How can I fix that problem, so that statd is running on my arch box too?
Last edited by stka (2007-06-10 15:59:48)
The problem is solved.
I use ldap for authentication. During the setup of the ldapclient I copied the nsswitch.ldap to nsswitch.conf. But the line for "hosts:" was:
hosts: dns ldap
but in my DNS there is no localhost entry. After I changed this line to:
hosts: files dns ldap
everything was ok. The statd is now running and I can start to migrate to archlinux ;-)
-
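The two checks from this thread as an added example (not code from the original posts): one reports which RPC services are absent from `rpcinfo -p` output, the other tests whether the "hosts:" line of nsswitch.conf lists "files". The function names and the required service set are assumptions made for the example; the sample listings are abridged from the output posted above.

```shell
#!/bin/sh
# Added example: checks for the two symptoms described in the thread above.

# Read `rpcinfo -p` output on stdin and print every required RPC service that
# is not registered. The required set is an assumption for an NFS client that
# needs file locking: portmapper, status (statd) and nlockmgr.
missing_rpc_services() {
    awk -v want="portmapper status nlockmgr" '
        NF >= 5 && $1 ~ /^[0-9]+$/ { seen[$5] = 1 }   # skip the header line
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) if (!(w[i] in seen)) print w[i]
        }'
}

# Succeed only if the "hosts:" line of an nsswitch.conf-style file lists
# "files", so that localhost resolves from /etc/hosts without DNS or LDAP.
hosts_uses_files() {
    awk '
        $1 == "hosts:" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break          # rest of the line is a comment
                if ($i == "files") found = 1
            }
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# Abridged copies of the two rpcinfo listings posted in the thread.
arch_sample() { cat <<'EOF'
Program Vers Proto Port
100000 2 tcp 111 portmapper
100021 1 udp 32768 nlockmgr
100003 3 udp 2049 nfs
100005 3 tcp 894 mountd
EOF
}
suse_sample() { cat <<'EOF'
Program Vers Proto Port
100000 2 tcp 111 portmapper
100024 1 udp 32768 status
100021 1 udp 32768 nlockmgr
EOF
}

echo "arch box is missing: $(arch_sample | missing_rpc_services)"
echo "suse box is missing: $(suse_sample | missing_rpc_services)"
```

On a live client, pipe `rpcinfo -p <host>` into `missing_rpc_services` and run `hosts_uses_files /etc/nsswitch.conf`.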
BPC 7.5 Admin Client Links Not Working
I am working in BPC 7.5 SP15 NW. I have recently upgraded to Windows 7 64-bit and now the links in the action pane in the desktop admin client are not working. The cursor does not change from the normal pointer to the hand. That would indicate that the admin client is no longer recognizing them as links. The links work fine in the desktop Excel client. I am using 32-bit Excel 2010 with no other version of Office installed.
Has anyone heard of this behavior and how to correct for it?
Hi Kannan,
I think this is an Osoft web site configuration issue; the error indicates that you have one duplicate section in the web site configuration file (web.config).
If you didn't alter the web.config file then the problem may occur because when you use framework 4.0, the machine config already has some of the sections defined that were used in previous ASP.NET versions.
You should check which version of the MS Framework is configured for the application pool of the web site, and change it to v2.
Let me know if this solves the issue. Or if you need more help to resolve it.
Kindest regards,
-
Adobe flash player not working on Safari after being installed, System OS X 10.9.2 has been just updated to Maverick
Enable Plug-ins
Safari > Preferences > Security
Internet Plug-ins > "Allow plug-ins"
Enable it.
Click "Manage Website Settings"
Highlight "Adobe Flash Player", "Allow" and then "Done".
-
RSS not working in Mail after MobileMe install
The title pretty much says it all: "RSS not working in Mail after MobileMe install". The names of the RSS feeds are still there but all have the triangle error message beside them.
You may have already tried this, but in the mailbox menu at the top, try to take all accounts offline then take them all back online again. If that doesn't work you can always do a rebuild, which is kind of a pain, but it usually does the trick.
-
The forward, back, refresh, and stop buttons are not working. Even after installing the latest Firefox update. Also my home page stopped loading upon startup even though I have it set up to do so. Anyone else experiencing these issues? This is my second request for help and of course, Firefox on-line support is always closed.
Those are all symptoms of a problem with the places.sqlite file, for details see http://kb.mozillazine.org/Locked_or_damaged_places.sqlite
-
Send & Receive functionality not working with WebDav after installing Acrobat XI
Send & Receive functionality not working with WebDav after installing Acrobat XI for PDF. Acrobat XI is a complete installation (Trial Version).
Hi Kiro,
Did you try opening that file in any other browser? If not, please try doing that once and see if that works for you.
Try repairing Acrobat once and see if that helps.
Launch Acrobat > Navigate to Help > Repair Acrobat Installation.
Regards
Sukrit Dhingra
-
Quick time not working in safari after downloading flip4mac
Quick time is not working in safari after downloading flip4mac. How do I get quick time to work within safari? It was working prior to flip4mac being installed but I need flip4mac for some websites.
Hi
Go to System Preferences>Flip4Mac>Browser
Make sure the first two boxes are checked. Check the 3rd box if you want the QT controller to be displayed.
Restart Safari
Post back
-
Zoom in and out is not working in folders after installing Lion OS
Zoom in and out is not working in folders after installing Lion OS. Did not understand why?
Feature has been removed AFAIK. As far as zoom is concerned, the new operating system has been..whatever the opposite of optimized is...pessimized?
-
Webmail is not working in Internet Explorer after installing SP3 Exchange 2007 rollup 15
Webmail is not working in Internet Explorer after installing SP3 Exchange 2007 rollup 15, but in Mozilla Firefox webmail is working fine.
Hi,
Does the issue happen to all users? What’s your IE version? Is there any error when you access OWA 2007 in IE?
Please click Compatibility View settings in your Internet Explorer. Then, add the OWA site to the list of sites to be viewed in compatibility view and check whether the issue persists.
Regards,
Winnie Liang
TechNet Community Support
-
IOS 8.x Apple users and CISCO ISE native supplicant provisioning not working
Hi there guys ,
I was wondering if anybody else has the following problem:
Apple iOS 8.x users are not able to register their devices on the ISE portal (native supplicant provisioning).
After they receive the redirection from the WLC, they freeze. Apple 7.x users have no problem.
ISE is version 1.2.1.198 patch 2. WLC is running 8.0.102.14.
Anybody experienced the same?
MB
I am also running ISE 1.2.1.198 patch 2 with 8.0.100. I am testing with an iPad running IOS 8.1. The device will register in the registration portal, but is not being classified as an IOS device within client provisioning, I believe. It is getting profiled as a workstation even though all apple device profiles are enabled. I have an authorization policy for registered devices, and ipad, iphone, ios devices to gain access to the network without going through posture assessment. I then have my posture assessment authorization rules with apple IOS devices set for a ssid native supplicant profile. I keep getting an error page on the iPad when connecting to the ISE SSID saying "Client Provisioning Portal ISE is not able to apply an access policy to your log-in session at this time. Please close this browser, wait approximately one minute, and try to connect again". It gives this message over and over. If I turn off the posture checking authorization profiles, the IOS device is selected as a rule further down which tells me that ISE does not recognize it as an IOS device in the profiling or client provisioning.
-
DHCP client does not work properly after systemd and Gnome 3.6 upgrade
Upgraded my system today from Gnome 3.4 to 3.6 (and systemd was updated as well), and since then acquiring an IP address using DHCP does not work anymore.
I am using IPv4 only internally, but neither dhclient nor dhcpcd manages to get an IPv4 address.
It seems like IPv6 is priority one, and because there is no IPv6 DHCP server available NetworkManager aborts the whole setup process.
To make sure that IPv6 should not be considered, I have changed "method" in NetworkManager to "Ignore" for IPv6.
I have also tried to downgrade NM to 0.9.6.0 from 0.9.6.4 (since that version works on another, not upgraded, machine), without any result.
Also switched dhclient to dhcpcd, without any result.
The machine is a "pure" systemd machine.
DHCP works for other devices in the network.
Versions:
systemd 195-2
NetworkManager 0.9.6.4
isc-dhclient-4.2.3-P2
I have no issues on a system where following versions are running:
systemd 189-4
NetworkManager 0.9.6.0
dhcpcd 5.6.2
Log: http://pastebin.com/2wMC0JLe
Think I have identified the issue now.
Neither dhcpcd nor dhclient is sending the host name properly to the DHCP server anymore. I had an IP address reserved in the DHCP server for my host and after deleting this reservation my host is able to acquire an IP (dynamic) address. The reserved static address could never be acquired.
Conclusion: dhclient and dhcpcd are not sending the host name as before, causing the DHCP server to get stuck (while waiting for the host name) whenever a NIC with a reserved IP address is requesting an IP address.
Downgrading the dhcp clients has not yet worked, so there might be some underlying component that is causing the problem. ath5k? systemd?
-
When I try to use the Get-Member command in ISE it does not work, but it works without ISE ...?
PS C:\> Get-WindowsFeature | Get-Member
Get-WindowsFeature : The target of the specified cmdlet cannot be a Windows client-based operating system.
At line:1 char:1
+ Get-WindowsFeature | Get-Member
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : DeviceError: (localhost:String) [Get-WindowsFeature], Exception
+ FullyQualifiedErrorId : WindowsClient_NotSupported,Microsoft.Windows.ServerManager.Commands.GetWindowsFeatureCommand
When I try to access my core server from my domain using PowerShell I get an error:
PS C:\> Enter-PSSession -ComputerName WIN-CORE -Credential 0SGMS\bhagwatritesh
Enter-PSSession : Connecting to remote server WIN-CORE failed with the following error message : WinRM cannot process
the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are
currently no logon servers available to service the logon request.
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName WIN-CORE -Credential 0SGMS\bhagwatritesh
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (WIN-CORE:String) [Enter-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed
-
HTTPS connection with client certificate not working in spartan
Spartan does not show certificate for the user to select
when I click the https link.
The certificates (taken from a smartcard) are indeed present in the user CertStore.
It works with IE 11 and Chrome.
Does anybody have any suggestions?
Thanks.
In fact you are using a reverse-proxy more than a proxy, since it is on the server part.
You have to put all the SSL server part on the reverse-proxy itself and not on the final RSS feed. Then, the reverse-proxy will authenticate your client and get its certificate. After that, either this proxy will open a plain connection (no SSL) towards the RSS, or you can also open an SSL connection, but this means you must create a client certificate for the proxy. It just depends on the security level you need, and I have used this solution many times in professional hosting.
Hope it helps!