Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3764
Views
1
Helpful
2
Replies

500 Internal Error

Go to solution
MDeMarco603
Level 1
Level 1

‎05-26-2016 06:18 AM

Hi Folks, looking for some feedback on an issue I've been dealing with as of late.

Issue:

Device X connects to SSID: xxyy. MAB authentication, Redirect to CWA, CWA responds with [500] Internal Error. Please contact system Administrator. If you are the System Administrator please consult the logs.

Device X connect to SSID: yyxx on same AP associated to same WLC. MAB authentication, Redirect to CWA, CWA login page pops, no error.

Troubleshooting:

PSN rebooted - Sometimes resolves the error. Does come back.

Device purge

Live authentications shows device stuck in RADIUS Accounting start request with no Auth Method. Forcing the device to Reauth via CoA from live authentication view triggers the device to Authenticate, Auth Method show mab and device is presented with CWA page.

Only log I found associated to the device

-::90:B6:::ProfilerCoA:- In DAO getRepository method for HostConfig Type: MNT

2016-05-26 11:58:45,823 ERROR  [portal-http-service741][] cisco.cpm.posture.runtime.PostureHandlerImpl

Thanks for the thoughts

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MDeMarco603
Level 1
Level 1

‎05-26-2016 12:17 PM

Resolution to anyone having these symptoms.

If you have a WLC that has an anchor point, only enable Accounting on one WLC. Having Accounting enable on both WLC causes Accounting information to be sent twice to ISE. ISE will invalidate one of the sessions upon reception of the second and cause the client to produce 500 Internal Error.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
jim.thomas
Level 1
Level 1

‎05-26-2016 06:27 AM

I've seen this several times with different customers, here is what I've experienced in these cases:

  • Session information is lost when trying to be redirected. I've seen this if you are trying to do something funky with custom html code on the webpage where your session data is not being passed between custom pages. Less likely in ISE 2.0 because it has more constraints on full-blown customization which equates to less screw-ups
  • THe PSN is built out-of-supported-spec . You might see VM resource issues (if its a VM) and/or the drive that the VM resides on is bad or underperforming (being hammered with other read/writes).

Go to solution
MDeMarco603
Level 1
Level 1

‎05-26-2016 12:17 PM

Resolution to anyone having these symptoms.

If you have a WLC that has an anchor point, only enable Accounting on one WLC. Having Accounting enable on both WLC causes Accounting information to be sent twice to ISE. ISE will invalidate one of the sessions upon reception of the second and cause the client to produce 500 Internal Error.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents