cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1002
Views
0
Helpful
4
Replies
Highlighted
Contributor

Live logs report error 5436

Hi Experts,

 

While working with a third party NAD, Juniper 4200EX, today I started to get this error while testing for some of the use-cases.

While this was working fine till last week, today, the test machine was restarted and then post login to the machine, NAM kept popping for user credentials. And every time the user entered credentials this error was reported on live logs: 5436 RADIUS packet already in the process.

There has been no changes made to the configuration earlier, the ISE policies and profiles are the same.

The only change that was there, was to move the user's computer to admin groups to allow him to install/uninstall symantec antivirus, to allow us perform negative testing.

 

Following is the test setup that we have:

ISE 2.3.0.298 Patch 3

AnyConnect with NAM: 4.5.04029

Juniper 4200EX: 15.1R7.8

 

Any pointers appreciated.

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Live logs report error 5436

You would see this if another authentication for that endpoint is still in progress for this endpoint or if a request is stuck on the ISE from being processed forever.

You might want to check CSCvh09878. There is a very high possibility that you might be running into this.
4 REPLIES 4
Cisco Employee

Re: Live logs report error 5436

I would make sure it’s not getting suppressed. Have you tried marking unsuppressed in live logs? The you can troubleshoot further
Contributor

Re: Live logs report error 5436

I see that under Suppression reports, no other setting has been enabled:

Suppression reports.JPG

I am going to work with that engineer today and see if could capture some debug logs from the switch itself.

Any ideas that you could suggest for this issue?

 

Thank you!

 

 

Everyone's tags (1)
Cisco Employee

Re: Live logs report error 5436

You would see this if another authentication for that endpoint is still in progress for this endpoint or if a request is stuck on the ISE from being processed forever.

You might want to check CSCvh09878. There is a very high possibility that you might be running into this.
Contributor

Re: Live logs report error 5436

As off now they are not in a position to do an upgrade. But would like to get some more details about this issue.

 

Any idea why would this happen?

As this is something that could easily pop-up in a production environment.