ISE Guest Activity Report not working (1.2.0.899)

Similar Messages

• ISE Guest activity reports configuration

  Hi All,
  I am trying to obtain guest activity report pertaining to the websites accessed by the guests. I have a standalone ISE deployement (1.1.2) running all personas. I am following the instructions on this document in a way:
  http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a0080ac2fda.shtml#asac
  I have configured the sysloging on my ASA gateway this way:
  logging on
  logging list WebLogging message 304001
  logging trap WebLogging
  logging facility 21
  logging host inside <ISE-ip-address> 17/20514
  I also configured http inspection:
  policy-map global_policy
  class inspection_default
    inspect http
  service-policy global_policy global
  Accounting is configured on the WLC and pointing to the ISE node.
  I am using CWA for guest access. This is working as expected. The Sponsor creates the account then the guest logs in successfully using the account created. I only need to have the guest activity reported. So far no luck and the activity report is empty. Any pointers are greatly appreciated.
  Fadi

  Hi Fashour:
  I will began test to generate this kind of reports soon (I need to wait por authorization to get access to ASA and change current config) I have some questions:
  Did you configure something in the ISE to enable it as syslog server?
  Can it be possible that you paste an image with the report results as a sample? I like to show my company and my customer what kind of reports we should expect ..
  Regards.

• Activity Report Not Working

  Hello - I apologize if this information is already posted somewhere but I was not able to easily find a solution my problem which is this:
  I would like to gather statistics on how many times a number of iViews or pages were requested / viewed. I have enabled data collection, and modified the "monitor hits" property to yes on the iViews I'm interested in, as well as added them to the selected content in my Page/iVew activity iView. Even though I have these things set up I do not see the page views showing up on this custom activity report iView I've created. I get the message: No content available for the specified period.
  However, the standard Activity Reports page under Content Administration shows the info I want just fine.. I'm not sure why it works in the standard one but not mine - does anyone have an idea of a configuration step I may be missing?
  Thanks

  Hello Andrew,
  Please check that the iViews/Pages inserted into the content list
  table are those who are accessible to the end-user. This means that you
  should add to this table the objects from the role (since they have
  a different ID, therefore they are different object).
  Regards,
  Victoria Gur
  Installed Base Development Engineer
  NetWeaver Portal Platform
  SAP Labs Israel

• ISE Guest Port Direction not working

  Hi Guys,
  Got a problem here with ISE guest authentication.
  My configuration in the WLC is as bellows:
  And the configuration in my ISE is as bellows:
  After my device connects to the SSID, I cannot be redirected to the guest portal, no redirection URL showed up in my browser, while the URL is pushed to the WLC client as bellows:
  DNS A record has been added before and I can open the FQDN.
  Can anyone help me about this? Thanks!
  Best Regards,
  Savi

  Are you able to ping / nslookup to ISE.wuscnad.com from the test client?
  Also, please provide a screen shot of the set of ACL's CWA-Guest from the WLC?
  Here is a document you can go through to configure wireless CWA  
  http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
  Regards,
  Jatin

• Cisco ISE guest portal redirect not working after successful authentiation and URL redirect.

  Hi to all,
  I am having difficulties with an ISE deployment which I am scratching my head over and can't fathom out why this isn't working.
  I have an ISE 3315 doing a captive webportal for my guest users who are on an SSID.  The users are successfully redirected by the WLC to the following URL:https://x.x.x.x:8443/guestportal/Login.action?portalname=XXX_Guest_Portal
  Now when the user passes through the user authentication splash screen they get redirected to https://x.x.x.x:8443/guestportal/guest/redir.html and recieve the following error:
  Error: Resource not found.
  Resource: /guestportal/
  Does anyone have any ideas why the portal is doing this?
  Thanks
  Paul

  Hello,
  As you are not able to  get the guest portal, then you need to assure the following things:-
  1) Ensure that the  two  Cisco av-pairs that are configured on the  authorization profile should  exactly match the example below. (Note: Do  not replace the "IP" with the  actual Cisco ISE IP address.)
  –url-redirect=https://ip:8443/guestportal/gateway?...lue&action=cpp
  –url-redirect-acl=ACL-WEBAUTH-REDIRECT (ensure that this ACL is also  defined on the access switch)
  2) Ensure that the URL redirection portion of the ACL have been  applied  to the session by entering the show epm session ip   command on the switch. (Where the session IP is the IP address  that is  passed to the client machine by the DHCP server.)
  Admission feature : DOT1X
  AAA Policies : #ACSACL#-IP-Limitedaccess-4cb2976e
  URL Redirect ACL : ACL-WEBAUTH-REDIRECT
  URL Redirect :
  https://node250.cisco.com:8443/guestportal/gateway?sessionId=0A000A72
  0000A45A2444BFC2&action=cpp
  3) Ensure that the preposture assessment DACL that is enforced from  the  Cisco ISE authorization profile contains the following command  lines:
  remark Allow DHCP
  permit udp any eq bootpc any eq bootps
  remark Allow DNS
  permit udp any any eq domain
  remark ping
  permit icmp any any
  permit tcp any host 80.0.80.2 eq 443 --> This is for URL redirect
  permit tcp any host 80.0.80.2 eq www --> Provides access to internet
  permit tcp any host 80.0.80.2 eq 8443 --> This is for guest portal
  port
  permit tcp any host 80.0.80.2 eq 8905 --> This is for posture
  communication between NAC agent and ISE (Swiss ports)
  permit udp any host 80.0.80.2 eq 8905 --> This is for posture
  communication between NAC agent and ISE (Swiss ports)
  permit udp any host 80.0.80.2 eq 8906 --> This is for posture
  communication between NAC agent and ISE (Swiss ports)
  deny ip any any
  Note:- Ensure that the above URL Redirect has the proper Cisco ISE FQDN.
  4) Ensure that the ACL with the name "ACL-WEBAUTH_REDIRECT" exists on  the switch as follows:
  ip access-list extended ACL-WEBAUTH-REDIRECT
  deny ip any host 80.0.80.2
  permit ip any any
  5) Ensure that the http and https servers are running on the switch:
  ip http server
  ip http secure-server
  6) Ensure that, if the client machine employs any kind of personal  firewall, it is disabled.
  7) Ensure that the client machine browser is not configured to use any  proxies.
  8) Verify connectivity between the client machine and the Cisco ISE IP  address.
  9) If Cisco ISE is deployed in a distributed environment, make sure  that  the client machines are aware of the Policy Service ISE node FQDN.
  10) Ensure that the Cisco ISE FQDN is resolved and reachable from the  client machine.
  11) Or you need to do re-image again.

• ISE Guest Activity Report

  In accord with the user guide, ISE should be able to report what URLs a guest had visited. For this functionality to work "you must enable guest access syslogging configuration on the NAD that inspects guest traffic in your Cisco ISE network".
  How can I do that if my guest users only have access through wireless? I mean what should I config in the WLC?
  Thanks in advance

  In Cisco ISE, system logs are collected at locations called logging targets. Targets refer to the IP addresses of the servers that collect and store logs.
  ISE has the following default targets, which are dynamically configured in the loopback addresses of the local system:
  •LogCollector—Default syslog target for the Log Collector.
  •ProfilerRadiusProbe—Default syslog target for the Profiler Radius Probe.
  You can generate and store logs locally, or you can use the FTP facility to transfer them to an external server.
  Please check the following link,
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_logging.html#wp1076091

• ISE Guest Portal redirection not working

  I have built a lab at home. I have a Win2008 Server for AD/DNS, ISE 1.2 (VM trial), a 3560-cg switch, 2500 WLC and 2602i AP. I have configured everything as per the documentations online. My issue is that when I connect to the open SSID, it gets connected and has the dns server populated as well, but the redirection never takes place. I can search for google or cnn.com but it just stays at looking up host or something. However, if i take the redirect URL from the WLC and then do it on the browser, it does go to the guest portal. Let me know what issues I can see and if there is any other information I can provide.

  Issue resolved.
  Since my lab environment didnt have access to the internet and hence dns servers 8.8.8.8 would not resolve any public ips. But when an address is resolvable by a dns then it redirects nicely. For test I created a dns entry on the dns server itself and tested it.
  Sent from Cisco Technical Support Android App

• CDR report not working

  Hi,
  We have LYNC 2013 and Monitoring is enabled. the CDR report is not working. even User Activity summary for telconferencing and for audio, reports not working.
  Kindly suggest troubleshooting steps.
  Can we have any SQL query to fetch the report from database?
  Thanks
  jitender

  Hi Raju,
  From Monitoring server , CDR report is not working. Even "User Activity Report" not working and giving below error for "Telephony Conference" and as well for "A/V Conference"
  " No results match the report filters. Change the filter values and submit the query again."
  Thanks
  jitender

• Hierarchical Tree: When-Tree-Node-Activated is not working

  I'm working Forms 10G rel.2.1 and also using application server 10G 2.
  my problem is in Hierarchical Tree [When-Tree-Node-Activated] is not working in Enter this is working in Enter+Tab
  I want to this trigger is working in only Enter.
  I'm waiting quick response

  node_value is only item which have transfer the form or report name
  Trigger Name : WHEN-TREE-NODE-ACTIVATED
  Declare      
       htree                Item ;
  Begin
       --clear_values;
  --           htree := Find_Item('tree.htree');
  -- Find the value of the node clicked on.
  :node_value := ftree.Get_Tree_Node_Property(htree, :SYSTEM.trigger_NODE, Ftree.NODE_VALUE);
  ----Above node value transfer the procedure and call the form with node_value(Form Name)
       Execute_CMD_PROC;
  Exception
       When Others Then Null;
  End ;
  when i enter then no value but when i enter+tab then show the form

• Pick activity is not working properly while creating two or more file adapt

  Hi,
  pick activity is not working properly while creating two or more file adapter for bpel process.
  bpel process compiled and deployed succesfully but while observing the wsdl file of deployed process you can find only one file adapter. so it polls only from that location.
  can anybody help on over this? or it's limitation of jdev to use only one file adapter at time while using Pick.
  Thanks
  sagar

  Does anybody tried this?
  Thanks
  sagar

• Drill down report not working in 1og report

  hi all,
  Drill down report not working in 1og.
  in 6i it working good but 10g not working .
  plz help any one.
  thanks

  Hello,
  For detailled instructions about hyperlinks :
  Oracle® Reports Building Reports
  10g Release 2 (10.1.2)
  B13895-01
  3.6.10.1.8 Creating a hyperlink using the Property Inspector
  http://download-uk.oracle.com/docs/cd/B14099_17/bi.1012/b13895/orbr_howto.htm#i1062802
  Regards

• IPS event monitor and reports not working

  Dear after upgrading my IPS from E3 to E4  the event monitor  and reports not working, can you please advice my to solve this issues

  Hi All,
  Filter settings below:
  The filter works partially as I don't get alerts on the IPS itself.
  Firewall LOG:
  4          Feb 14 2014          15:33:22                              39715                    514          IPS requested to drop UDP packet from SOURCE_VLAN_NUMBER:/39715 to DESTINATION_VLAN_NUMBER:/514
  IPS LOG (when enabled):
  evIdsAlert: eventId=1352793300955167909  vendor=Cisco  severity=low 
    originator:  
      hostId: SSM02 
      appName: sensorApp 
      appInstanceId: 1192 
    time: Feb 14, 2014 15:33:22 UTC  offset=0  timeZone=GMT00:00 
    signature:   description=IP Fragment Too Small  id=1206  version=S212  type=anomaly  created=20030801 
      subsigId: 0 
      sigDetails: Too many small IP fragments in datagram 
    interfaceGroup: vs0 
    vlan: 0 
    participants:  
      attacker:  
        addr: 172.x.x.x  locality=OUT 
        port: 39715 
      target:  
        addr: x.x.x.x  locality=OUT 
        port: 514 
        os:   idSource=unknown  type=unknown  relevance=relevant 
    alertDetails: InterfaceAttributes:  context="single_vf" physical="Unknown" backplane="GigabitEthernet0/1" ; 
    riskRatingValue: 50  targetValueRating=medium  attackRelevanceRating=relevant 
    threatRatingValue: 50 
    interface: GigabitEthernet0/1  context=single_vf  physical=Unknown  backplane=GigabitEthernet0/1 
    protocol: udp 
  Our next step is to make a service policy exception on the firewall itself. We are also considering reloading the IPS device or at least the analysis engine.
  Thanks for all your help so far. Any more suggestions are most welcome. I'll keep you up to date.
  Regards
  Mariusz

• Mysites Activity feed not working

  Hi,
  I have restored Mysite Content database.After restoring it, Profile pictures coming correctly but activity feed and trending tags not working(coming blank).
  After restore db i did following:
  IIS reset
  Server reboot
  Mysite setup settings(activity feed enabled)
  Alernate access mapping.
  Still activity feed not working.Please suggest.

  Hello
  Have you checked the timer job ?
  http://technet.microsoft.com/en-us/library/hh344225(v=office.15).aspx
  Best regards, Christopher.
  Blog |
  Mail
  Please remember to click "Mark As Answer" if a post solves your problem or
  "Vote As Helpful" if it was useful.
  Why mark as answer?

• HT2188 iPad 1 requested activation after being low on power. Activation does not work.

  Hi
  My iPad 1 requested activation after being low on power. Activation does not work so I have tried to restore it from iTunes.  this progresses but after rebooting, it gets to the activation process for a few minutes and re-boots again - in a loop now. on ios6, not 7. help please?
  I also looked at trying to do a manual install of firmware via iTunes but I do not know the version of firmware or how to find it out - so really stuck!
  Thanks

  I pulled my unit out of the dock - powered up and the display goes blank (if you look carefully you can see the bios boot screen, then black, then you can see the backlight turn off.
  I plugged in the USB monitor and boom - I could log in.
  Once Logged in I could see that windows still thinks it has some of the monitors from the dock, and the internal display is set to disable.
  So the issue is the detection / setup of monitors in/out of the dock.
  I've done about all I can do for dubugging, I hope lenovo can pick up from here. if not I'll have to call lenovo support.

• So my airport extreme recently had some nat/dns issue and in the airport utility displayed a warning about it and to correct it. I wasn't sure what to do so i pressed the resolve icon and now my guest network is not working.

  So my airport extreme recently had some nat/dns issue and in the airport utility displayed a warning about it and to correct it. I wasn't sure what to do so i pressed the resolve icon and now my guest network is not working.

  Anytime you change networking hardware, it is always a good idea to perform a complete power recycle of your networking components.
  I would recommend that you do the following as a minimum:
  Power-down the modem, AirPort base station, and computer(s).
  Disconnect the AirPort base station from the Internet broadband modem.
  While all of the devices are powered-down, perform a "factory default" reset on the base station. This will get it back to its "out-of-the-box" configuration and make setting it up much easier, especially if you use the "Assist me" process within the AirPort Utility. (ref: Resetting an AirPort Base Station or Time Capsule)
  After the base station resets, go ahead and power it back down.
  Reconnect the AirPort base station to the Internet broadband modem. For the Extreme and Time Capsule, be sure to connect the cable to the base station's WAN (circle-of-dots) port.
  Power-up the modem; wait at least 10-15 minutes to allow it adequate time to initialize.
  Power-up the AirPort base station; wait at least 5-10 minutes. Note: The AirPort's status light may continue to flash amber after it has intialized. That is because, there may be some additional configuration items necessary, like setting up wireless security, before the overall setup is completed to get a green status.
  Power-up your computer(s).
  In this basic configuration, the AirPort base station will broadcast an unsecured wireless network with a Network Name (SSID) of Apple Network NNNNNN. Network clients, connected to the base station either by wire or wireless, should now be able to access the Internet through the ISP's modem. Once Internet connectivity has been verified, you can use the AirPort Utility to configure the base station for wireless security and any other desired options. Please post back your results.