This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I have a problem with onboarding android devices in BYOD Single-SSID flow with ISE 2.4. I tried it with a android 8.0 and 7.0 device. After providing the network password in the cisco network assistant app, the error "Certificate Generation Failed" shows up.
Both devices are showing the same errors in the log:
2018.05.25 11:05:59 ERROR:ISEEnrollmentAsynchTask
2018.05.25 11:05:59 ERROR:java.lang.NullPointerException: Attempt to invoke virtual method 'java.lang.String java.security.cert.Certificate.toString()' on a null object reference
2018.05.25 11:05:59 ERROR:Attempt to invoke virtual method 'java.lang.String java.security.cert.Certificate.toString()' on a null object reference
I followed the instructions given in this video, but no success: ISE 2.2 Android Provisioning with EST Authentication (Certificate Generation Failed) - YouTube
My AuthC rules for EST looks like this:
But I don't see any hits in live logs. PAP and CHAP are activated in allowed protocols.
Thanks and regards,
Solved! Go to Solution.
When the network set up assistant asked you for a password did you enter your network credentials if so this is incorrect. The password it’s asking for is the pin or passcode lock for the phone.
Tryied it with both pin and passcode but still no success. Error message is the same.
I'm just working on my learning lab, so it's not possible to contact with TAC. I searched the Internet and found some solutions, as also stated in this post, but it didn't work for me. Also after connecting to the network for the first time and entring BYOD information on the BYOD portal, phone asks me to login to that SSID, and pressing that prompt start up the whole byod from the beginning and I redirected to the first page of BYOD portal again and again.
If you’re running a fresh setup of ISE have you tried using the secure access wizard to get everything configured and working?
If you’re a cisco partner have you tried our dcloud demo for secure access wizard and/or mobility deep dive. These have working setups
This is not production network. I've built the lab to practice ISE and for this, I started with fresh install and followed steps 1 by 1 and don't want to use the wizard, even if that was the solution, for now only to get a deep understanding of what is happening.
I wonder why this simple thing should be such a cumbersome task. Do you have any idea about this message (certificate generation failed)? I actually have created a separate post for my issue which has screenshot of the configs at here: https://communities.cisco.com/thread/92886
I am looking for if you have a basic BYOD setup working first and then move forward with that. I will also reach out to our SME to see if he has a working setup for EST on 2.4
Thank u. I appreciate that. I just wonder why EST-related stuff hasn't be documented on Cisco ISE admin guide and Cisco Press books or even 3rd party videos?! It's interesting!
I read somewhere that EST is irrelevant while SCEP is in place. I'm using SCEP, as stated in the official guides and books. Could you confirm this please?