Client provisioning not working on ISE after 1.2 Migration

Working on an initial piloted rollout of ISE with a customer. We initially had a single server set up as a pilot using 1.1.1.4 to pilot things like client supplicant provisioning, and then stood up a new VM as a secondary and upgraded that to 1.2. Today we tested client provisioning that worked fine before, and it is failing for iOS (we haven't gotten to the other OSes yet). What occurs is the user authenticates using PEAP and the client gets the request to install the root certificate. After the client accepts the root certificate, the connection drops. When you click the SSID to start the process again we see the redirect to the mydevices portal, but before you can click to register the client it is redirected to accept the root certificate again, creating an endless loop. Has anyone else run into this bug?

Please update the patch using the details below and try it.
To upload offline client provisioning resources, complete the following steps:
Step 1 Go to the Download Software web page at http://www.cisco.com/cisco/software/navigator.html?a=a&i=rpm. You may need to provide login credentials.
Step 2 Navigate to Products > Security > Access Control and Policy > Cisco Identity Services Engine > Cisco Identity Services Engine Software.
Choose from the following Off-Line Installation Packages available for download:
• win_spw--isebundle.zip — Off-Line SPW Installation Package for Windows
• mac-spw-.zip — Off-Line SPW Installation Package for Mac OS X
• compliancemodule--isebundle.zip — Off-Line Compliance Module Installation Package
• macagent--isebundle.zip — Off-Line Mac Agent Installation Package
• nacagent--isebundle.zip — Off-Line NAC Agent Installation Package
• webagent--isebundle.zip — Off-Line Web Agent Installation Package
Step 3 Click Download or Add to Cart.

Similar Messages

  • Client certificate not working in E51 after FW upd...

    In our company we have several E51 phones for using our mobile web services. In some cases we need to use client certificates for maximum security.
    The situation is: with older firmware versions (100.x/200.x) the certificate and TLS handshakes are working fine, but after upgrading to the latest version (300.x) the browser starts complaining "The operation cannot be completed" when trying to open the https connection. The problem seems to occur in the handshake phase, so debugging and analyzing the problem is very difficult. It's notable that the certificate itself is valid (working with older fw) and is installed just fine. Some cert details: Type: X.509 Algorithm: SHA1RSA
    Normal TLS connections without client certs work. The phones have been formatted and no backups have been restored after formatting, so the problem cannot be about old settings messing up the configuration.
    Has anyone else had similar problems and have you been able to solve it somehow?

    I am also having this problem where the certificate dialog (Windows Security is usually the title) is never prompted to the user. I tried it on several computers which are all part of the domain. The same computers can also login on another ADFS, so I have working certificates.
    I just get a page where a text says I should select a certificate but I never get the dialog to do so.
    Any updates on this issue?

  • [solved] NFS client will not work correctly

    I have all my $HOME on an NFS Server. So far I have used suse and debian, now I want to switch to arch but the nfs-client is not working correctly:
    I start "portmap nfslock nfsd netfs" over rc.conf. When I do a "rpcinfo -p <ip-arch-system>" I got the following
    stefan:/home/stefan # rpcinfo -p 192.168.123.3
       Program Vers Proto   Port
        100000    2   tcp    111  portmapper
        100000    2   udp    111  portmapper
        100021    1   udp  32768  nlockmgr
        100021    3   udp  32768  nlockmgr
        100021    4   udp  32768  nlockmgr
        100003    2   udp   2049  nfs
        100003    3   udp   2049  nfs
        100003    4   udp   2049  nfs
        100021    1   tcp  48988  nlockmgr
        100021    3   tcp  48988  nlockmgr
        100021    4   tcp  48988  nlockmgr
        100003    2   tcp   2049  nfs
        100003    3   tcp   2049  nfs
        100003    4   tcp   2049  nfs
        100005    3   udp    891  mountd
        100005    3   tcp    894  mountd
    As you see "status" is missing, so the statd is not running. It should look like the result on my suse box:
    stefan:/home/stefan # rpcinfo -p 192.168.123.2
       Program Vers Proto   Port
        100000    2   tcp    111  portmapper
        100000    2   udp    111  portmapper
        100024    1   udp  32768  status
        100021    1   udp  32768  nlockmgr
        100021    3   udp  32768  nlockmgr
        100021    4   udp  32768  nlockmgr
        100024    1   tcp  35804  status
        100021    1   tcp  35804  nlockmgr
        100021    3   tcp  35804  nlockmgr
        100021    4   tcp  35804  nlockmgr
    There is the "status" line and so the statd is running.
    How can I fix that problem, so that statd is running on my arch box too?
    Last edited by stka (2007-06-10 15:59:48)

    The problem is solved.
    I use ldap for authentication. During the setup of the ldapclient I copied the nsswitch.ldap to nsswitch.conf. But the line for "hosts:" was:
    hosts:          dns ldap
    but in my dns there is no localhost entry. After I changed this line to:
    hosts:          files dns ldap
    everything was ok. The statd is now running and I can start to migrate to archlinux ;-)
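
The diagnosis in this thread as a small check, added here as an example (not code from the poster): it looks for the `status` service in `rpcinfo -p` output and checks that `files` precedes `dns`/`ldap` on the `hosts:` line. The function names and sample variables are assumptions; the sample inputs are constructed from the output quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): checks the two conditions the poster found.

# Constructed sample, abridged from the Arch `rpcinfo -p` output above: no "status".
RPCINFO_BROKEN='   Program Vers Proto   Port
    100000    2   tcp    111  portmapper
    100021    1   udp  32768  nlockmgr
    100003    3   udp   2049  nfs
    100005    3   udp    891  mountd'

# Constructed sample, abridged from the SUSE output above: "status" is registered.
RPCINFO_OK='   Program Vers Proto   Port
    100000    2   tcp    111  portmapper
    100024    1   udp  32768  status
    100021    1   udp  32768  nlockmgr'

# The two hosts: lines quoted in the thread.
NSSWITCH_BROKEN='hosts:          dns ldap'
NSSWITCH_FIXED='hosts:          files dns ldap'

# missing_rpc_services OUTPUT NAME...: print each NAME absent from column 5.
missing_rpc_services() {
    _out=$1; shift
    for _svc in "$@"; do
        if ! printf '%s\n' "$_out" | awk -v s="$_svc" '$5 == s { f = 1 } END { exit !f }'; then
            printf '%s\n' "$_svc"
        fi
    done
}

# hosts_has_files_first TEXT: succeed only if "files" precedes dns/ldap on hosts:.
hosts_has_files_first() {
    printf '%s\n' "$1" | awk '
        $1 == "hosts:" {
            for (i = 2; i <= NF; i++) {
                if ($i == "files") { ok = 1; break }
                if ($i == "dns" || $i == "ldap") break
            }
        }
        END { exit !ok }'
}

# Demo on the constructed samples; on a live host pass "$(rpcinfo -p)" and
# "$(cat /etc/nsswitch.conf)" instead.
for _m in $(missing_rpc_services "$RPCINFO_BROKEN" status nlockmgr nfs); do
    echo "not registered with the portmapper: $_m"
done
hosts_has_files_first "$NSSWITCH_BROKEN" || echo "hosts: does not consult files before dns/ldap"
```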

  • BPC 7.5 Admin Client Links Not Working

    I am working in BPC 7.5 SP15 NW. I have recently upgraded to Windows 7 64-bit and now the links in the action pane in the desktop admin client are not working.  The cursor does not change from the normal pointer to the hand.  That would indicate that the admin client is no longer recognizing them as links.  The links work fine in the desktop Excel client.  I am using 32-bit Excel 2010 with no other version of Office installed.
    Has anyone heard of this behavior and how to correct for it?

    Hi Kannan,
    I think this is an Osoft web site configuration issue, the error indicates that you have one duplicate section in the web site configuration file (web.config).
    If you didn't alter the web.config file then the problem may occur because when you use framework 4.0, the machine config already has some of the sections defined that were used in previous ASP.NET versions.
    You should check which version of the MS Framework is configured for the application pool of the web site, change it to v2.
    Let me know if this solves the issue. Or if you need more help to resolve it.
    Kindest regards,

  • HT5364 Adobe flash player not working on Safari after being installed, System OS X 10.9.2 has been just updated to Maverick

    Adobe flash player not working on Safari after being installed, System OS X 10.9.2 has been just updated to Maverick

        Enable Plug-ins
        Safari > Preferences > Security
        Internet Plug-ins >  "Allow  plug-ins"
        Enable it.
        Click "Manage Website Settings"
        Highlight "Adobe Flash Player", "Allow" and then "Done".

  • RSS not working in Mail after MobileMe install

    The title pretty much says it all "RSS not working in Mail after MobileMe install" The names of the RSS feeds are still there but all have the triangle error message beside them.

    You may have already tried this but in the mailbox menu at the top, try to take all accounts offline then take them all back online again. If that doesn't work you can always do a rebuild which is kind of a pain, but it usually does the trick.

  • The forward, back, refresh, and stop buttons are not working. Even after installing the latest version. Anyone else having this issue?

    The forward, back, refresh, and stop buttons are not working. Even after installing the latest Firefox update. Also my home page stopped loading upon startup even though I have it set up to do so. Anyone else experiencing these issues? This is my second request for help and of course, Firefox on-line support is always closed.

    Those are all symptoms of a problem with the places.sqlite file, for details see http://kb.mozillazine.org/Locked_or_damaged_places.sqlite

  • Send & Receive functionality not working with WebDav after installing Acrobat XI

    Send & Receive functionality not working with WebDav after installing Acrobat XI for PDF.  Acrobat XI is a complete installation (Trial Version).

    Hi Kiro ,
    Did you try opening that file in any other browser? If not, please try doing that once and see if that works for you.
    Try Repairing Acrobat once and see if that helps.
    Launch Acrobat>Navigate to Help>Repair Acrobat Installation.
    Regards
    Sukrit Dhingra

  • Quick time not working in safari after downloading flip4mac

    Quick time is not working in safari after downloading flip4mac. How do I get quick time to work within safari? It was working prior to flip4mac being installed but I need flip4mac for some websites.

    Hi
    Go to System Preferences>Flip4Mac>Browser
    Make sure the first two boxes are checked. Check the 3rd box if you want the QT controller to be displayed.
    Restart Safari
    Post back

  • Zoom in and out is not working in folders after installing Lion OS

    Zoom in and out is not working in folders after installing Lion OS. Did not understand why?

    Feature has been removed AFAIK. As far as zoom is concerned, the new operating system has been..whatever the opposite of optimized is...pessimized?

  • Webmail is not working in Internet Explorer after installing SP3 Exchange 2007 roll up 15

    Webmail is not working in Internet Explorer after installing SP3 Exchange 2007 roll up 15, but Mozilla Firefox webmail is working fine.

    Hi,
    Does the issue happen to all users? What’s your IE version? Is there any error when you access OWA 2007 in IE?
    Please click Compatibility View settings in your Internet Explorer. Then, add the OWA site to the list of sites to be viewed in compatibility view and check whether the issue persists.
    Regards,
    Winnie Liang
    TechNet Community Support

  • IOS 8.x Apple users and CISCO ISE native supplicant provisioning not working

    Hi there guys ,
    I was wondering if anybody else has the following problem:
    Apple iOS 8.x users are not able to register their devices on the ISE portal (native supplicant provisioning).
    After they receive the redirection from the WLC, they freeze. Apple 7.x users have no problem.
    ISE is version 1.2.1.198 patch 2.  WLC is running 8.0.102.14.
    Anybody experienced the same?
    MB

    I am also running ISE 1.2.1.198 patch 2 with 8.0.100.  I am testing with an iPad running IOS 8.1.  The device will register in the registration portal, but is not being classified as an IOS device within client provisioning, I believe.  It is getting profiled as a workstation even though all apple device profiles are enabled.  I have an authorization policy for registered devices, and ipad, iphone, ios devices to gain access to the network without going through posture assessment.  I then have my posture assessment authorization rules with apple IOS devices set for a ssid native supplicant profile.  I keep getting an error page on the iPad when connecting to the ISE SSID saying "Client Provisioning Portal     ISE is not able to apply an access policy to your log-in session at this time.  Please close this browser, wait approximately one minute, and try to connect again".  It gives this message over and over.  If I turn off the posture checking authorization profiles, the IOS device is selected as a rule further down which tells me that ISE does not recognize it as an IOS device in the profiling or client provisioning.

  • DHCP client does not work properly after systemd and Gnome 3.6 upgrade

    Upgraded my system today from Gnome 3.4 to 3.6 (and systemd was updated as well), and since then acquiring an IP address using DHCP does not work anymore.
    I am using IPv4 only internally, but neither dhclient nor dhcpcd manages to get an IPv4 address.
    It seems like IPv6 is priority one, and because there is no IPv6 DHCP server available NetworkManager aborts the whole setup process.
    To make sure that IPv6 should not be considered, I have changed "method" in NetworkManager to "Ignore" for IPv6.
    I have also tried to downgrade NM to 0.9.6.0 from 0.9.6.4 (since that version works on another, not upgraded, machine), without any result.
    Also switched dhclient to dhcpcd, without any result.
    The machine is a "pure" systemd machine.
    DHCP works for other devices in the network.
    Versions:
    systemd 195-2
    NetworkManager 0.9.6.4
    isc-dhclient-4.2.3-P2
    I have no issues on a system where following versions are running:
    systemd 189-4
    NetworkManager 0.9.6.0
    dhcpcd 5.6.2
    Log: http://pastebin.com/2wMC0JLe

    Think I have identified the issue now.
    Neither dhcpcd nor dhclient is sending the host name properly to the DHCP server anymore. I had an IP address reserved in the DHCP server for my host and after deleting this reservation my host is able to acquire an IP (dynamic) address. The reserved static address could never be acquired.
    Conclusion: dhclient and dhcpcd are not sending the host name as before, causing the DHCP server to get stuck (while waiting for the host name) whenever a NIC with a reserved IP address is requesting an IP address.
    Downgrading the dhcp clients has not yet worked, so there might be some underlying component that is causing the problem. ath5k? systemd?

  • Get-Member not working in ISE

    When I try to use the Get-Member command in ISE it does not work, but it works without ISE ...?
    PS C:\> Get-WindowsFeature | Get-Member
    Get-WindowsFeature : The target of the specified cmdlet cannot be a Windows client-based operating system.
    At line:1 char:1
    + Get-WindowsFeature | Get-Member
    + ~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : DeviceError: (localhost:String) [Get-WindowsFeature], Exception
        + FullyQualifiedErrorId : WindowsClient_NotSupported,Microsoft.Windows.ServerManager.Commands.GetWindowsFeatureCommand

    When I try to access my core server from my domain using PowerShell I get an error
    PS C:\> Enter-PSSession -ComputerName WIN-CORE -Credential 0SGMS\bhagwatritesh
    Enter-PSSession : Connecting to remote server WIN-CORE failed with the following error message : WinRM cannot process
    the request. The following error with errorcode 0x80090311 occurred while using Kerberos authentication: There are
    currently no logon servers available to service the logon request.
     Possible causes are:
      -The user name or password specified are invalid.
      -Kerberos is used when no authentication method and no user name are specified.
      -Kerberos accepts domain user names, but not local user names.
      -The Service Principal Name (SPN) for the remote computer name and port does not exist.
      -The client and remote computers are in different domains and there is no trust between the two domains.
     After checking for the above issues, try the following:
      -Check the Event Viewer for events related to authentication.
      -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
    use HTTPS transport.
     Note that computers in the TrustedHosts list might not be authenticated.
       -For more information about WinRM configuration, run the following command: winrm help config. For more
    information, see the about_Remote_Troubleshooting Help topic.
    At line:1 char:1
    + Enter-PSSession -ComputerName WIN-CORE -Credential 0SGMS\bhagwatritesh
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (WIN-CORE:String) [Enter-PSSession], PSRemotingTransportException
        + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

  • HTTPS connection with client certificate not working in spartan

    Spartan does not show certificate for the user to select when I click the https link.
    The certificates (taken from a smartcard) are indeed present in the user CertStore.
    It works with IE 11 and Chrome.
    Does anybody have any suggestions?
    Thanks.

    In fact you are more using a reverse-proxy than a proxy since it is on the server part.
    You have to put all the SSL server part on the reverse-proxy itself and not on the final RSS feed. Then, the reverse-proxy will authenticate your client and get its certificate. After that, either this proxy will open a plain connection (no ssl) towards the RSS, or you can also open a ssl connection but this means you must create a client certificate for the proxy. It just depends on the security level you need, and I used this solution many times in professional hosting.
    Hope it helps!
