https://community.cisco.com/t5/network-access-control/ise-1-2-patch-6-all-authentications-begin-failing-after-about-20/m-p/2487298#M86604 <P>I got this fixed via TAC. Basically the following is the bug but it is worth noting that this deployment was a fresh build of 1.2</P><P>https://tools.cisco.com/bugsearch/bug/CSCuj17272/?reffering_site=dumpcr</P><P><B>Symptom:</B><BR />all auth fails when using the existing identity source sequences after upgrade from 1.1.3 to 1.2.<BR /><BR /><B>Conditions:</B><BR />upgrade from 1.1.3 to 1.2 build 899 breaks all auth using identity sequences.</P><P>&nbsp;</P><P>Basically the fix was to recreate my ID sequences and reapply to the authentication policy. This fixed the issue on the policy node in question.</P> Tue, 29 Apr 2014 05:35:40 GMT Stephen McBride 2014-04-29T05:35:40Z https://community.cisco.com/t5/network-access-control/ise-1-2-patch-6-all-authentications-begin-failing-after-about-20/m-p/2487297#M86601 <P>Hi all,</P><P>Another strange one I am throwing out to the forum. Basically I have a 5 node deployment (1 x Primary Admin, 1 x Primary Monitoring, 1 x Secondary Admin/Monitoring and 2 x Policy Nodes). The primary authentication method is EAP-TLS or PEAP for wireless only. The deployment in question has been in pilot for about 3 weeks with no issues what so ever.</P><P>As of this morning we rolled into production and all seemed well - about 100 users successfully authed against PSN1 (PSN2 is configured in the WLC as a secondary radius). About 30 minutes after the production rollout authentications began failing for the exact same reason (see attached radius log). I checked all of the certificates as recommended in the log but this was a matter of course in that everything is as it should be.</P><P>My next step was to essentially stop PSN1 (application stop ise) to see if the issue was a problem on the second PSN. All authentications were now succeeding via PSN2. I left it this way for 30 minutes with no drama. I started PSN1 again and authentications began to work....20 minutes later the issue was back. I replicated this issue again to be sure.</P><P>At this point I decided to deregister PSN1 and application reset the node before rejoining with the ISE deployment. Authentications worked well until about 30 minutes later when the issue reappeared. At this point I reloaded all nodes in the ISE deployment to see if this made a difference but the issue still remained.</P><P>Currently I have PSN1 shutdown and all is functioning well - anyone have any ideas??</P> Mon, 11 Mar 2019 04:38:28 GMT https://community.cisco.com/t5/network-access-control/ise-1-2-patch-6-all-authentications-begin-failing-after-about-20/m-p/2487297#M86601 Stephen McBride 2019-03-11T04:38:28Z https://community.cisco.com/t5/network-access-control/ise-1-2-patch-6-all-authentications-begin-failing-after-about-20/m-p/2487298#M86604 <P>I got this fixed via TAC. Basically the following is the bug but it is worth noting that this deployment was a fresh build of 1.2</P><P>https://tools.cisco.com/bugsearch/bug/CSCuj17272/?reffering_site=dumpcr</P><P><B>Symptom:</B><BR />all auth fails when using the existing identity source sequences after upgrade from 1.1.3 to 1.2.<BR /><BR /><B>Conditions:</B><BR />upgrade from 1.1.3 to 1.2 build 899 breaks all auth using identity sequences.</P><P>&nbsp;</P><P>Basically the fix was to recreate my ID sequences and reapply to the authentication policy. This fixed the issue on the policy node in question.</P> Tue, 29 Apr 2014 05:35:40 GMT https://community.cisco.com/t5/network-access-control/ise-1-2-patch-6-all-authentications-begin-failing-after-about-20/m-p/2487298#M86604 Stephen McBride 2014-04-29T05:35:40Z