Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2691
Views
0
Helpful
5
Replies

Byod is not working in MAC OSX HighSierra 10.13.2

Go to solution
Patrick Moubarak
Level 4
Level 4

‎01-18-2018 01:13 PM - edited ‎03-20-2019 09:50 PM

I am running into an issue with ISE 2.2 patch 4 running the latest SPW for MAC OS X with the latest HighSierra update 10.13.2. BYOD flow does not work, it fails inside the Cisco Network Setup Assistant at the early step of downloading profiles. It shows 2 popups for ISE certificate to be trusted then fails to actually import them into the certificate store.

anybody experiencing the same issue?

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Patrick Moubarak
Level 4
Level 4
In response to Francesco Molino

‎01-19-2018 08:29 AM

Yeah I saw that bug.

I just found a workaround. Since I am using a private (internal) certificate for ISE admin and EAP, it has to be trusted in the MAC trust store manually before continuing the BYOD onboarding process, same behavior as iOS 10.3+ documented in bug CSCvd38467

Cisco recommends using public certificates for BYOD, now I know why!

Patrick

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎01-18-2018 05:27 PM

Hi

I tested it with patch 5 and seems to work.
Can you apply this patch and let us know.
The only customer that has mac has been migrated to ise 2.3 recently but they were in version 2.2 patch 5 and was working well. Didn't get any complain.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
Patrick Moubarak
Level 4
Level 4
In response to Francesco Molino

‎01-19-2018 07:23 AM

Thanks Francesco, we are looking into patching but it doesn't seem like a known issue listed on bug toolkit or in the release notes.

I am wondering if it is caused by the ISE admin and EAP certificates being generated by an internal CA instead of public. I know iOS 10.3.+ does not like that and requires an extra step to trust the certificate manually during onboarding, maybe MAC OS is even stricter now.

Patrick

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to Patrick Moubarak

‎01-19-2018 07:25 AM

I had this issue at the beginning with Beta High Sierra OSx and there was a bug ID opened for that. Don't recall if this bug id is still visible and/or added into Patch 5 release note.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
Patrick Moubarak
Level 4
Level 4
In response to Francesco Molino

‎01-19-2018 08:29 AM

Yeah I saw that bug.

I just found a workaround. Since I am using a private (internal) certificate for ISE admin and EAP, it has to be trusted in the MAC trust store manually before continuing the BYOD onboarding process, same behavior as iOS 10.3+ documented in bug CSCvd38467

Cisco recommends using public certificates for BYOD, now I know why!

Patrick

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to Patrick Moubarak

‎01-19-2018 08:31 AM

Yes you're right i forgot to ask about certificates and i thought it was a trusted certificate.

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents