cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2455
Views
1
Helpful
2
Replies
MDeMarco603
Beginner

500 Internal Error

Hi Folks, looking for some feedback on an issue I've been dealing with as of late.

Issue:

Device X connects to SSID: xxyy. MAB authentication, Redirect to CWA, CWA responds with [500] Internal Error. Please contact system Administrator. If you are the System Administrator please consult the logs.

Device X connect to SSID: yyxx on same AP associated to same WLC. MAB authentication, Redirect to CWA, CWA login page pops, no error.

Troubleshooting:

PSN rebooted - Sometimes resolves the error. Does come back.

Device purge

Live authentications shows device stuck in RADIUS Accounting start request with no Auth Method. Forcing the device to Reauth via CoA from live authentication view triggers the device to Authenticate, Auth Method show mab and device is presented with CWA page.

Only log I found associated to the device

-::90:B6:::ProfilerCoA:- In DAO getRepository method for HostConfig Type: MNT

2016-05-26 11:58:45,823 ERROR  [portal-http-service741][] cisco.cpm.posture.runtime.PostureHandlerImpl

Thanks for the thoughts

1 ACCEPTED SOLUTION

Accepted Solutions
MDeMarco603
Beginner

Resolution to anyone having these symptoms.

If you have a WLC that has an anchor point, only enable Accounting on one WLC. Having Accounting enable on both WLC causes Accounting information to be sent twice to ISE. ISE will invalidate one of the sessions upon reception of the second and cause the client to produce 500 Internal Error.

View solution in original post

2 REPLIES 2
jim.thomas
Beginner

I've seen this several times with different customers, here is what I've experienced in these cases:

  • Session information is lost when trying to be redirected. I've seen this if you are trying to do something funky with custom html code on the webpage where your session data is not being passed between custom pages. Less likely in ISE 2.0 because it has more constraints on full-blown customization which equates to less screw-ups
  • THe PSN is built out-of-supported-spec . You might see VM resource issues (if its a VM) and/or the drive that the VM resides on is bad or underperforming (being hammered with other read/writes).
MDeMarco603
Beginner

Resolution to anyone having these symptoms.

If you have a WLC that has an anchor point, only enable Accounting on one WLC. Having Accounting enable on both WLC causes Accounting information to be sent twice to ISE. ISE will invalidate one of the sessions upon reception of the second and cause the client to produce 500 Internal Error.

View solution in original post

Content for Community-Ad