Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1431
Views
0
Helpful
2
Replies

CSCuz50937 - DOC- ISE21- Post upgrade steps should include enable weak ciphers.

Go to solution
pavoljaco
Level 1
Level 1

‎10-20-2017 02:05 AM - last edited on ‎03-25-2019 10:29 PM by Community Manager

Hi,

our customer has few thousand of old Windows XP. After upgrading ISE 2.1.0.474 from patch 3 to patch 5. All of Windows XP was unable to authenticate with 802.1x - PEAP.

So, we have enabled weak ciphers. That really helps. BUT, it cause even bigger problem. All policy nodes (6 virtual ISE servers) started to reinitialize Application Server process. All policy nodes continuously reinitialize main process which caused them to disconnect from AD. After main process go back to normal running state. It all started again after maybe 3 minutes.

After turning off support for weak ciphers. All ISE nodes was stable again. We had to rollback to patch 3 so all XPs can authenticate.

Are you aware of such a problem? We are stuck on version ISE 2.1.0.474 patch 3. Thanks.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dkorell
Level 1
Level 1

‎11-14-2017 01:09 PM

While researching a similar authentication issue I had this morning when going from patch 3 to 6, I found your post. In patch 6 your issue may be resolved. Sounds very similar.

 

CSCvg26227

PSN reloads when Allow Weak Ciphers for EAP option is enabled in the Allowed Protocols page.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
dkorell
Level 1
Level 1

‎11-14-2017 01:09 PM

While researching a similar authentication issue I had this morning when going from patch 3 to 6, I found your post. In patch 6 your issue may be resolved. Sounds very similar.

 

CSCvg26227

PSN reloads when Allow Weak Ciphers for EAP option is enabled in the Allowed Protocols page.
0 Helpful

Go to solution
pavoljaco
Level 1
Level 1
In response to dkorell

‎11-14-2017 11:05 PM

Yes, we are currently testing patch 6 and it looks like it helps. Hopefully it will work in customer environment also... Thanks.

 

0 Helpful
Customers Also Viewed These Support Documents