12-04-2018 04:32 AM
I successfully on-boarded an Apple iPhone but then did some further testing and I proceeded to delete the certificate and profile that was downloaded from ISE from the iPhone (settings > general > profile). Now when I try to on-board the same device again I receive the correct web-auth redirect but safari does not load the portal page, instead Safari complains: "Safari cannot open the page because it could not establish a secure connection to the server."
I found this - https://community.cisco.com/t5/identity-services-engine-ise/how-to-remove-a-byod-registered-device/td-p/3474527 tried the same steps but doesn't seem to help. Anyone know what might be going on?
Also to remove the wifi session from WLC I am using "config client deauthenticate" is that correct?
Solved! Go to Solution.
12-04-2018 06:40 AM - edited 12-04-2018 06:58 AM
Disable WIFI, forget wireless network, remove profiles.
For a fresh wireless session you can go into the UI under wireless clients and remove it there.
I have often seen iphone not redirecting and had to select a new http site instead for it to work. like the apple device is caching the older site. Perhaps an http site inside your internal network will be stable and instead use IP instead of FQDN?
If this doesn’t work How about another browser just to see if the redirect works?
Did you try network setting reset? Perhaps DNS iOS cache issue?
12-04-2018 06:40 AM - edited 12-04-2018 06:58 AM
Disable WIFI, forget wireless network, remove profiles.
For a fresh wireless session you can go into the UI under wireless clients and remove it there.
I have often seen iphone not redirecting and had to select a new http site instead for it to work. like the apple device is caching the older site. Perhaps an http site inside your internal network will be stable and instead use IP instead of FQDN?
If this doesn’t work How about another browser just to see if the redirect works?
Did you try network setting reset? Perhaps DNS iOS cache issue?
12-04-2018 07:13 AM
Hi Jason,
Thanks for the quick reply. These are some good suggestions and I will try them out and let you know how I go.
12-05-2018 04:27 AM
Hi Jason,
Did some further troubleshooting on this:
- profiles were already removed
- disabled WIFI
- forgot wireless network
- removed wifi session from wlc
- removed endpoint from ISE
- did network setting reset on iphone (clears the dns cache too)
- tried different websites
The above steps didnt help, same issue.
When the browser shows the redirect to the PSN, instead of using the FQDN, I put the IP address of the PSN instead, and this sort of worked - portal loaded, and works fine until you go to install the certs/profile/etc - then every time it goes back to the browser it goes back with the hostname and I've got to change it to the IP address again, but it seems to keep looping round the cert/profile install piece.
And then browsing anywhere I get redirected again, it works with the FQDN because the cert is installed now, profile/certs all get installed and I can connect to secure SSID.
Quite strange, do you know why this would be happening?
12-05-2018 05:00 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide