<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Turning off 4G to get Cisco Network Assistant to work on Android in Network Access Control</title>
    <link>https://community.cisco.com/t5/network-access-control/turning-off-4g-to-get-cisco-network-assitant-to-work-on-android/m-p/3861444#M472743</link>
    <description>&lt;P&gt;I finally have BYOD working on ISE 2.4.x with 8.5.x running on my WLCs. Working fine for a week, then I asked a few users in my building to test sitting near the outer ring close to our building windows (my 4G signal is very intermittent in the center of my floor where I sit). Of the 3 users I tested, the following error appears after clicking Cisco Network Assistant for Android:&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;“Unable to detect Server. Please ensure your network access device is configured to redirect enroll.cisco.com to ISE”&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;Came across a few forums referring to DNS named WLC ACL entries; nothing seemed a definite solution to me. So I asked the 3 users to turn off 4G on their devices (all Android); suddenly Cisco Network Assistant starts working, users complete onboarding successfully, job complete.&lt;/P&gt;&lt;P&gt;Having a look at packet captures from my Anchor WLC I can clearly see the issue: each user was sending out a request to our BYOD DNS servers (Google servers 8.8.8.8) over DNS-TLS port 853; the difference was all of these users were sending out SYN packets, unlike working Android devices, which are completing 3-way handshakes!&lt;/P&gt;&lt;P&gt;With DNS-TLS obviously I can't see packet information to decode.&lt;/P&gt;&lt;P&gt;Asking users to turn 4G off on their devices for onboarding is not an easy task. Has anyone else had this issue with Android or iOS?&lt;/P&gt;&lt;P&gt;I have opened a TAC... no reply as yet.&lt;/P&gt;</description>
    <pubDate>Thu, 23 May 2019 09:02:03 GMT</pubDate>
    <dc:creator>stephendrkw</dc:creator>
    <dc:date>2019-05-23T09:02:03Z</dc:date>
    <item>
      <title>Turning off 4G to get Cisco Network Assistant to work on Android</title>
      <link>https://community.cisco.com/t5/network-access-control/turning-off-4g-to-get-cisco-network-assitant-to-work-on-android/m-p/3861444#M472743</link>
      <description>&lt;P&gt;I finally have BYOD working on ISE 2.4.x with 8.5.x running on my WLCs. Working fine for a week, then I asked a few users in my building to test sitting near the outer ring close to our building windows (my 4G signal is very intermittent in the center of my floor where I sit). Of the 3 users I tested, the following error appears after clicking Cisco Network Assistant for Android:&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;“Unable to detect Server. Please ensure your network access device is configured to redirect enroll.cisco.com to ISE”&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;Came across a few forums referring to DNS named WLC ACL entries; nothing seemed a definite solution to me. So I asked the 3 users to turn off 4G on their devices (all Android); suddenly Cisco Network Assistant starts working, users complete onboarding successfully, job complete.&lt;/P&gt;&lt;P&gt;Having a look at packet captures from my Anchor WLC I can clearly see the issue: each user was sending out a request to our BYOD DNS servers (Google servers 8.8.8.8) over DNS-TLS port 853; the difference was all of these users were sending out SYN packets, unlike working Android devices, which are completing 3-way handshakes!&lt;/P&gt;&lt;P&gt;With DNS-TLS obviously I can't see packet information to decode.&lt;/P&gt;&lt;P&gt;Asking users to turn 4G off on their devices for onboarding is not an easy task. Has anyone else had this issue with Android or iOS?&lt;/P&gt;&lt;P&gt;I have opened a TAC... no reply as yet.&lt;/P&gt;</description>
      <pubDate>Thu, 23 May 2019 09:02:03 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-access-control/turning-off-4g-to-get-cisco-network-assitant-to-work-on-android/m-p/3861444#M472743</guid>
      <dc:creator>stephendrkw</dc:creator>
      <dc:date>2019-05-23T09:02:03Z</dc:date>
    </item>
    <item>
      <title>Re: Turning off 4G to get Cisco Network Assistant to work on Android</title>
      <link>https://community.cisco.com/t5/network-access-control/turning-off-4g-to-get-cisco-network-assitant-to-work-on-android/m-p/3861739#M472747</link>
      <description>&lt;P&gt;Apple iOS and Android use Multipath TCP. I've seen this behavior in my lab environment when an iOS device like iPhone doesn't have a very good wifi signal. Unfortunately, the only way I was able to combat the issue was to increase wifi coverage so that the request remains with the wifi network and does not go out through the cellular network.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Regards,&lt;/P&gt;
&lt;P&gt;-Tim&lt;/P&gt;</description>
      <pubDate>Thu, 23 May 2019 15:40:27 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-access-control/turning-off-4g-to-get-cisco-network-assitant-to-work-on-android/m-p/3861739#M472747</guid>
      <dc:creator>Timothy Abbott</dc:creator>
      <dc:date>2019-05-23T15:40:27Z</dc:date>
    </item>
  </channel>
</rss>

