
Apple iOS BYOD failing after removing cert and profile

Madura Malwatte
Level 4

I successfully on-boarded an Apple iPhone, but then did some further testing and I proceeded to delete the certificate and profile that was downloaded from ISE from the iPhone (Settings > General > Profile). Now when I try to on-board the same device again I receive the correct web-auth redirect, but Safari does not load the portal page; instead Safari complains: "Safari cannot open the page because it could not establish a secure connection to the server."

I found this - https://community.cisco.com/t5/identity-services-engine-ise/how-to-remove-a-byod-registered-device/td-p/3474527 - and tried the same steps, but it doesn't seem to help. Does anyone know what might be going on?

Also, to remove the Wi-Fi session from the WLC I am using "config client deauthenticate"; is that correct?

 

Accepted Solutions

Jason Kunst
Cisco Employee

Disable Wi-Fi, forget the wireless network, remove profiles.
For a fresh wireless session you can go into the UI under wireless clients and remove it there.

I have often seen the iPhone not redirecting and had to select a new HTTP site instead for it to work, like the Apple device is caching the older site. Perhaps an HTTP site inside your internal network will be stable, and use the IP instead of the FQDN?

If this doesn't work, how about another browser just to see if the redirect works?
Did you try a network settings reset? Perhaps an iOS DNS cache issue?

Hi Jason,

Thanks for the quick reply. These are some good suggestions and I will try them out and let you know how I go.

Hi Jason,

Did some further troubleshooting on this:

- profiles were already removed
- disabled Wi-Fi
- forgot wireless network
- removed Wi-Fi session from WLC
- removed endpoint from ISE
- did network settings reset on iPhone (clears the DNS cache too)
- tried different websites

The above steps didn't help, same issue.

When the browser shows the redirect to the PSN, instead of using the FQDN, I put the IP address of the PSN instead, and this sort of worked - portal loaded, and works fine until you go to install the certs/profile/etc - then every time it goes back to the browser it goes back with the hostname and I've got to change it to the IP address again, but it seems to keep looping round the cert/profile install piece.

And then, browsing anywhere, I get redirected again; it works with the FQDN because the cert is installed now, the profile/certs all get installed and I can connect to the secure SSID.

Quite strange, do you know why this would be happening?

 

Did you follow the BYOD guide?

https://community.cisco.com/t5/security-documents/cisco-ise-byod-prescriptive-deployment-guide/ta-p/3641867

Do you have a valid certificate from a well-known provider on your BYOD portal?

Are other devices working?

Did you open a TAC case if all else fails?