https://community.cisco.com/t5/network-access-control/ise-onboarding-sith-internal-ca-server/m-p/3405476#M548495 <P>Guys! any idea?!&nbsp;</P> <P>I'm getting this message:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ise1.png" style="width: 629px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/13861iC6B69CACFDEB64D9/image-size/large?v=v2&amp;px=999" role="button" title="ise1.png" alt="ise1.png" /></span></P> Tue, 26 Jun 2018 09:04:03 GMT ciscoworlds 2018-06-26T09:04:03Z https://community.cisco.com/t5/network-access-control/ise-onboarding-sith-internal-ca-server/m-p/3395698#M548490 <P>Hi;</P> <P>&nbsp;</P> <P>I'm testing ISE onboarding and configured authentication/authorization rules on ISE. I also have a internal Windows server which I've configured it to be my internal CA server. My WLC is 2504 (software version 8.0.121.0 and field recovery image version 7.4.1.30).&nbsp;</P> <P>I started to test with an Android mobile device. After successfully authenticating with Active Directory, I redirected to BYOD portal where I was pushed&nbsp;to download Cisco Network Assistant from Google Play. But the issue is I got this message on my Android device. How can I resolve this certificate issue on WLC?</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot_20180607-164220.png" style="width: 562px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/12850iC2CEB37D785A3FED/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot_20180607-164220.png" alt="Screenshot_20180607-164220.png" /></span></P> <P>&nbsp;</P> <P>Thank you.&nbsp;</P> Fri, 21 Feb 2020 18:57:44 GMT https://community.cisco.com/t5/network-access-control/ise-onboarding-sith-internal-ca-server/m-p/3395698#M548490 ciscoworlds 2020-02-21T18:57:44Z https://community.cisco.com/t5/network-access-control/ise-onboarding-sith-internal-ca-server/m-p/3396131#M548492 <P>During which stage of the on-boarding process do you get that error? The error message indicates that there is a proxy and/or another device on your network that is deencrypting/inspecting SSL/TLS traffic. Can you expand on the technical details and provide a screenshot of the certificate that is being used to encrypt the connection?</P> <P>&nbsp;</P> <P><EM>Thank you for rating helpful posts!</EM></P> Fri, 08 Jun 2018 00:14:00 GMT https://community.cisco.com/t5/network-access-control/ise-onboarding-sith-internal-ca-server/m-p/3396131#M548492 nspasov 2018-06-08T00:14:00Z https://community.cisco.com/t5/network-access-control/ise-onboarding-sith-internal-ca-server/m-p/3396349#M548494 <P>Hi;</P> <P>I wanted to try to do the same, but before that, I got stuck at the beginning because I got these messages. Where I should change this option? On WLC or on ISE? I tried but didn't managed to affect that.&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <PRE>06-08-2018 14:21:37 Local0.Warning 10.1.206.205 CWLC: *Dot1x_NW_MsgTask_7: Jun 08 11:21:31.456: #DOT1X-4-AAA_MAX_RETRY: 1x_bauth_sm.c:404 Max AAA authentication attempts exceeded for client 04:4f:4c:3b:8a:67 06-08-2018 14:21:37 Local0.Info 10.1.206.205 CWLC: *Dot1x_NW_MsgTask_7: Jun 08 11:21:31.456: #APF-6-MOBILE_EXCLUDED: apf_ms.c:6232 Excluded the mobile 04:4f:4c:3b:8a:67.</PRE> <P><SPAN>10.1.206.205 belongs to Cisco WLC. The MAC address in log message belongs to my Android device.&nbsp;</SPAN></P> <P>All I found was Wireless Client Exclusion Policy and I disabled it.&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="wlc.png" style="width: 550px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/12922i105078356213AA01/image-size/large?v=v2&amp;px=999" role="button" title="wlc.png" alt="wlc.png" /></span></P> <P>&nbsp;</P> <P>But after a while, something resets the failure and I get this message on ISE RADIUS live log page:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="wlc2.png" style="width: 559px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/12923i0430FA3BB79422F7/image-size/large?v=v2&amp;px=999" role="button" title="wlc2.png" alt="wlc2.png" /></span></P> <P>&nbsp;</P> <P>I will send the details if I can get rid of this error.</P> Fri, 08 Jun 2018 12:15:36 GMT https://community.cisco.com/t5/network-access-control/ise-onboarding-sith-internal-ca-server/m-p/3396349#M548494 ciscoworlds 2018-06-08T12:15:36Z https://community.cisco.com/t5/network-access-control/ise-onboarding-sith-internal-ca-server/m-p/3405476#M548495 <P>Guys! any idea?!&nbsp;</P> <P>I'm getting this message:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ise1.png" style="width: 629px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/13861iC6B69CACFDEB64D9/image-size/large?v=v2&amp;px=999" role="button" title="ise1.png" alt="ise1.png" /></span></P> Tue, 26 Jun 2018 09:04:03 GMT https://community.cisco.com/t5/network-access-control/ise-onboarding-sith-internal-ca-server/m-p/3405476#M548495 ciscoworlds 2018-06-26T09:04:03Z