This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Solved! Go to Solution.
You need to create a condition for authentication with these parameters too. Looking into my android logs I've seen the errors below: So there's no match in my Wireless 802.1x authentication or authorization rule, because for certificate to be installed it's used PAP/ASCII and HTTP authentication. Now everything works fine!
HTTP status 401 received
EST server requesting user authentication
HTTP auth failure
HTTP Authorization failed. Requested auth mode = 3
**Insert this Conditions to your Authentication Rules**
Cisco: cisco-av-pair EQUALS est-csr-request=true
Network Access NetworkDeviceName EQUALS ISE_EST_Local_Host
Hi Already did the config before since we encountered this issue last year December 2017, now that we are upgraded to 2.4 last August suddenly Android phone wasnt able to generate the certificate using NSP this week only. Im not sure if this is because of the 3rd party certificate but it will expire by December 2018. Is this a bug or anyone resolved this already with 2.4 path 1?
Any feedback on this? Still experiencing same issue with 2.4 patch 1 for all android phones... Cisco TAC was not able to resolve the issue..
There is a workaround suggested in the 2nd defect -
Manually configure condition in-line using 'Cisco:cisco-av-pair EQUALS est-csr-request=true' instead
Can you please give it a try.
As I've said in my previous message, already encountered this before and did your recommendation. This was resolve in ISE 2.2. Now that I'm upgraded to 2.4 patch 1, this issue recur again without any changes in config. The BYOD is running smoothly before for more than a month with version 2.4.
Last week, suddenly "CERTIFICATE GENERATION FAILED" encountered again for Android phone. Already have TAC and recommended same issue. They re enter again the condition and still not working. Been engage with TAC for 6days and no resolution yet :( I ask if there's reported same issue (global) from their file and its first time they encountered this issue for Cisco ISE 2.4
They will try to replicate using my backup config and check if will work in their lab environment...
But I read some statement above that issue is not resolve.
I face the same problem with Cisco ISE 2.4 Patch 4; it worked with Cisco ISE 2.2 and Android 8, but now this fails after the upgrade to 2.4. I already created a new policy with "Cisco: cisco-av-pair Equals est-csr-request=true", but this didn't help, it does not get hit.
Did you get any news from Cisco TAC?
have you been working on the TAC case lately and do you have a resolution for the problem with Cisco ISE 2.4 and the BYOD flow?
Thanks and best regards