Good afternoon,
We have recently come across an issue in our environment that we hope you can assist us with.
On the live logs, we noticed that some devices are failing authentication, leaving them in a disconnected state (i.e. no LAN or Wifi connectivity). We can identify the devices as their identity shows as "host/{deviceName.domain}" whereas when they successfully authenticate they show as {DeviceName.domain}.
Sometimes the devices reauthenticate and connects successfully (can take up to 35 minutes although the average is around 1 minute), other times a port bounce is required to get them reconnected.
The strange thing is that the issue is intermittent and not linked to a particular device or type.
Background
- Windows 10 20H2 devices
- Cisco 2960x user switches
- Cisco ISE 2.7 patch 2 running on VMWare
- User devices are authenticated using a machine certificate
Device Error
Event: 5411 Supplicant stopped responding to ISE
Failure Reason: 12934 Supplicant stopped responding to ISE during PEAP tunnel establishment
Resolution: Verify that supplicant is configured properly to conduct a full EAP conversation with ISE. Verify that NAS is configured properly to transfer EAP messages to/from supplicant. Verify that supplicant or NAS does not have a short timeout for EAP conversation. Check the network that connects the Network Access Server to ISE. Verify that ISE local server certificate is trusted on supplicant.
Root Cause: Supplicant stopped responding to ISE during PEAP tunnel establishment
I have attached a screenshot of the errors and an output of a result, any help would be appreciated.
FYI a TAC has been opened with Cisco.
Thanks in advance.
