cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1161
Views
0
Helpful
2
Replies
Beginner

CSCuz50937 - DOC- ISE21- Post upgrade steps should include enable weak ciphers.

Hi,

our customer has few thousand of old Windows XP. After upgrading ISE 2.1.0.474 from patch 3 to patch 5. All of Windows XP was unable to authenticate with 802.1x - PEAP.

So, we have enabled weak ciphers. That really helps. BUT, it cause even bigger problem. All policy nodes (6 virtual ISE servers) started to reinitialize Application Server process. All policy nodes continuously reinitialize main process which caused them to disconnect from AD. After main process go back to normal running state. It all started again after maybe 3 minutes.

After turning off support for weak ciphers. All ISE nodes was stable again. We had to rollback to patch 3 so all XPs can authenticate.

Are you aware of such a problem? We are stuck on version ISE 2.1.0.474 patch 3. Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: CSCuz50937 - DOC- ISE21- Post upgrade steps should include enable weak ciphers.

While researching a similar authentication issue I had this morning when going from patch 3 to 6, I found your post. In patch 6 your issue may be resolved. Sounds very similar.

 

CSCvg26227

PSN reloads when Allow Weak Ciphers for EAP option is enabled in the Allowed Protocols page.

2 REPLIES 2
Highlighted
Beginner

Re: CSCuz50937 - DOC- ISE21- Post upgrade steps should include enable weak ciphers.

While researching a similar authentication issue I had this morning when going from patch 3 to 6, I found your post. In patch 6 your issue may be resolved. Sounds very similar.

 

CSCvg26227

PSN reloads when Allow Weak Ciphers for EAP option is enabled in the Allowed Protocols page.

Beginner

Re: CSCuz50937 - DOC- ISE21- Post upgrade steps should include enable weak ciphers.

Yes, we are currently testing patch 6 and it looks like it helps. Hopefully it will work in customer environment also... Thanks.

 

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards