Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1373
Views
0
Helpful
1
Replies

Cisco ISE 2.3 Patch 5 - User name change detected for the session. Attributes for the session will be removed from the cache

Go to solution
pgiouvanellis
Level 1
Level 1

‎11-05-2018 12:18 AM

Hello ,

 

We have a Cisco ISE deployment with 2 PANs and 4 PSNs .

We have AD Integration with 3 AD that are not two-way trust , they have no trust or one-way trust between them .

We have an auth policy that have the condition of was-machine-authenticated and checks the user to belong to

one of the selected domains.

 

We start getting errors of Deny Access ,

We notice that the machine is authenticated and user is authenticated but we get the below log :

 

"User name change detected for the session. Attributes for the session will be removed from the cache"

"AD-Error-Details - Domain trust is one-way "

 

It seems that something is done and the ise close the session with Deny Access .

 

Is anyone has similar problem and knows about solution ?

 

Thank You ,

Palaiologos

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pgiouvanellis
Level 1
Level 1

‎11-05-2018 03:15 AM

Hello ,

 

The problem was found finally ,

We have no authorization rule matched so we searched on our policy and found that we didn t match anywhere the user so we build new rule and everything was ok .

 

Thanks .

View solution in original post

0 Helpful
1 Reply 1

Go to solution
pgiouvanellis
Level 1
Level 1

‎11-05-2018 03:15 AM

Hello ,

 

The problem was found finally ,

We have no authorization rule matched so we searched on our policy and found that we didn t match anywhere the user so we build new rule and everything was ok .

 

Thanks .

0 Helpful
Customers Also Viewed These Support Documents