Changing Microsoft AD UPN for AD User is not being reflected on new User Certificate

Hello, although not strictly an ISE issue, a customer has changed the UPN for a few Active Directory users.

For example, from FirstnameLastName@customer.com to Firstname.LastName@customer.com.

 

This is not being reflected in the new certificate which is being pulled down. It still remains as the old UPN.

Thus, when ISE authenticates the user it works, but when authorising the user it fails. This is because it cannot find the user without the [.] in the identity (the new identity includes the [.]).

 

Tried gpupdate /force, deleting and manually requesting a new cert. Even on a fresh PC the same old identity is in the certificate.

 

Also tried changing all of the fields (UPN and SAM account name) and all AD attributes pertaining to the old name without said [.].

 

Any ideas? 

1 REPLY 1
VIP Collaborator

Hi,

    

Try the following:

- Restart the Active Directory CA, see if it's fixed.
- Delete and recreate the Certificate Template on the AD CA which was used to provide user certificates, see if it's fixed.

 

Regards,

Cristian Matei.
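A diagnostic for the mismatch described in the question, as an added example that is not part of the original thread: it compares the UPN carried in each certificate in the current user's personal store with the account's current userPrincipalName in AD, so you can see whether a freshly issued certificate (by its NotBefore date) still holds the old value. It assumes it is run as the affected user on a domain-joined PC.

```powershell
# Added example, not from the original thread.
# Assumption: run in the affected user's session on a domain-joined Windows PC.

$upnType = [System.Security.Cryptography.X509Certificates.X509NameType]::UpnName

# Read the account's current UPN from AD via ADSI (no RSAT module required).
$searcher = [adsisearcher]"(&(objectCategory=person)(sAMAccountName=$env:USERNAME))"
[void]$searcher.PropertiesToLoad.Add('userprincipalname')
$entry = $searcher.FindOne()
if (-not $entry) { throw "No AD user object found for $env:USERNAME" }
$adUpn = [string]$entry.Properties['userprincipalname'][0]

# List every certificate in the user's personal store that carries a UPN
# in its Subject Alternative Name, and compare that UPN with AD.
$report = Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    # GetNameInfo returns an empty string when the certificate has no UPN entry.
    $certUpn = $_.GetNameInfo($upnType, $false)
    if ($certUpn) {
        [pscustomobject]@{
            NotBefore  = $_.NotBefore
            NotAfter   = $_.NotAfter
            Issuer     = $_.GetNameInfo('SimpleName', $true)
            CertUpn    = $certUpn
            AdUpn      = $adUpn
            Match      = ($certUpn -ieq $adUpn)
            Thumbprint = $_.Thumbprint
        }
    }
}

# Newest certificate last, so the most recent enrollment is easy to spot.
$report | Sort-Object NotBefore | Format-Table -AutoSize -Wrap

# Summarise: any certificate whose UPN no longer matches the directory.
$stale = @($report | Where-Object { -not $_.Match })
if ($stale.Count -gt 0) {
    Write-Warning "$($stale.Count) certificate(s) carry a UPN that differs from AD ($adUpn)."
} else {
    Write-Output "All UPN-bearing certificates match AD ($adUpn)."
}
```

A mismatch on a certificate whose NotBefore is later than the UPN change shows that the old value was written at issuance, rather than an older certificate being presented to ISE.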
