Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
267
Views
0
Helpful
5
Replies

12953 Received EAP packet from the middle of conversationthat contains

mdmujahiduzzaman
Level 1
Level 1

‎11-03-2024 08:25 AM - edited ‎11-03-2024 08:27 AM

dot1x working properly. We changed our domain PC password and after that we are unable to login with new password. when we try with new password it shows error.

switch is juniper. 

we restart PSN. but same issue.

 

Labels:
Preview file
27 KB
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎11-03-2024 11:13 AM

As you mentioned after changing the password its not able to login. - what version of ISE 

ISE GUI check your AD connection: administration > identity management > external identity stores > active directory

is this only for 1 user or all the users ?

For testing can you make a user password simple and test (not adding special any characters)

Also engage with Server team to see what Logs they see ?

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

mdmujahiduzzaman
Level 1
Level 1
In response to balaji.bandi

‎11-03-2024 05:29 PM

Ise 3.3 p3. AD operational. Unchecked all password policy from ise. 

0 Helpful

Aref Alsouqi
VIP
VIP

‎11-04-2024 03:05 AM

You mean changed users password? I would recommend trying the following:

- Shut down the port where this PC is connected on the Juniper switch
- Remove the PC MAC address from ISE endpoint dashboard
- Disable/Enable the PC network card
- Unshut the port on the switch

Also, on the screenshot you shared ISE seems to suppress the username. If you wish to see that value you should go to "Administration > System > Security Settings" and tick the box next to "Disclose invalid usernames" and select "for specific time" option. This will allow you to see what username is being sent from the endpoint supplicant.

0 Helpful

MHM Cisco World
VIP
VIP

‎11-04-2024 03:10 AM

disable account in SW and check 

MHM

0 Helpful

jacksonben
Level 1
Level 1

‎11-04-2024 03:33 AM

The error 12953 does not relate to passwords at all, but can occur if you have a load balancer in front of ISE and your persistence algorithms are not working. Thus initial radius packets are seen by one PSN, but subsequent packets end up on a different PSN.

In order to troubleshoot your password issue you may want to bypass the load balancer by pointing your switch directly to a PSN rather than a VIP.

0 Helpful
Customers Also Viewed These Support Documents