cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

18829
Views
0
Helpful
13
Replies
Highlighted
Beginner

Authentication failed "5440 Endpoint abandoned EAP session and started new" error

Hello Guys,

i faced this error "5440 Endpoint abandoned EAP session and started new"when users try to authoticate to network ( wired 802.1X) with ISE 2.3 .

 

FYI: before rebooting client machine users can authenticate normaly to the network.

In event manager on windows 10 i have this error: "Unable to identify a user for 802.1X authentication"

any idea please ???

 

 Regards,

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: Authentication failed "5440 Endpoint abandoned EAP session and started new" error

@raam, the "authentication mac-move permit" is on the switch side, and disabling the "EAP-TLS L-bit" is on the ISE side. What is the problem you're having?

View solution in original post

13 REPLIES 13
Highlighted
VIP Advisor

Re: Authentication failed "5440 Endpoint abandoned EAP session and started new" error

Hi,

 

When the users stop responding to EAP reauthentication or start authentication while the NAD already have existing session, this message gets generated. Exmaple, when the endpoint hibernate and comes back online.

 

On the switch try the command 'authentication mac-move permit'. This will enable the NAD to terminate the existing 802.1x session and starts new one when a request is received while there is an existing session for the endpoint. 

 

Also, there are couple of bugs related to windows 7 which can generate this message on ISE. Worth checking if they are applicable to windows 10. Here you go.

 

https://supportforums.cisco.com/t5/security-blogs/getting-past-intermittent-unexplained-802-1x-problems-on-windows/ba-p/3104109

 

Please remeber to rate useful posts.

Highlighted
Beginner

Re: Authentication failed "5440 Endpoint abandoned EAP session and started new" error

thank you for your response !

i will see tomorrow this command can resolve the problem or not.

 

Highlighted
VIP Advisor

Re: Authentication failed "5440 Endpoint abandoned EAP session and started new" error

To set the expectations, the log will still pop but machine should
authenticate with this command
Highlighted
Beginner

Re: Authentication failed "5440 Endpoint abandoned EAP session and started new" error

hi,

the problem persist with this command.

 

Regards,

Highlighted
Beginner

Re: Authentication failed "5440 Endpoint abandoned EAP session and started new" error

hello,

it works fine with NAM cisco Annyconnect.

 

Regards,

Highlighted
VIP Advisor

Re: Authentication failed "5440 Endpoint abandoned EAP session and started new" error

Can you create the issue or is it random? Did you try to install the
hotfixes which I mentioned.
Highlighted
Beginner

Re: Authentication failed "5440 Endpoint abandoned EAP session and started new" error

go to:
policy > resoult > AUTHENTICATION > allowed protocol > default Network access and DISABLE "EAP-TLS L-bit" under "allow eap-ttls"


Let me know if this will fix your problem
Highlighted
Beginner

Re: Authentication failed "5440 Endpoint abandoned EAP session and started new" error

And news in this issue? Did it solve the problem of disconnections?

Highlighted
Beginner

Re: Authentication failed "5440 Endpoint abandoned EAP session and started new" error

as said in the previus post, disabiling "eap-tls l-bit" fixed the problem for me.
rgds
Highlighted
Beginner

Re: Authentication failed "5440 Endpoint abandoned EAP session and started new" error

It also worked for me

Highlighted
Beginner

Re: Authentication failed "5440 Endpoint abandoned EAP session and started new" error

Hi Can you please tell me which place are you telling this settings on PC or on ISE side?

 

Thanks

Highlighted
Beginner

Re: Authentication failed "5440 Endpoint abandoned EAP session and started new" error

@raam, the "authentication mac-move permit" is on the switch side, and disabling the "EAP-TLS L-bit" is on the ISE side. What is the problem you're having?

View solution in original post

Highlighted
Beginner

Re: Authentication failed "5440 Endpoint abandoned EAP session and started new" error

Hey ,

I have the same issue as mentioned before but its between ISE and Xerox printer and between them there is a meraki SW .so on meraki SW the printer cannot get an  dynamic IP address with the same error 5440 .

 

 

please let me know what can i do