Cisco ISE forwarding requests to NPS

ktparry85 · ‎07-01-2025

Hi,

I've setup my ISE 3.3 service to proxy requests to another organisations NPS server but I'm getting the following error;

Event 5405 RADIUS Request dropped

Failure Reason 11353 No more external RADIUS servers; can't perform failover

Resolution Verify the following: At least one of the remote RADIUS servers in the ISE proxy service is up and configured properly ; Shared secret specified in the ISE proxy service for every remote RADIUS server is same as the shared secret specified for the ISE server ; Port of every remote RADIUS server is properly specified in the ISE proxy service.

Root cause Failover is not possible because no more external RADIUS servers are configured. Dropping the request.

everything suggested looks to be configured correctly, any ideas on what this could be?

Thanks

MHM Cisco World · ‎07-01-2025

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/213239-configure-external-radius-servers-on-ise.html

Check this link see how we config ISE with external radius server

If you have more Q please ask

Thanks

MHM

Aref Alsouqi · ‎07-01-2025

Seems as if ISE can't talk to the remote NPS server. Did you check that ISE and the NPS can reach to each other? also, did you add ISE as a client on the NPS?, if you believe all is configured correctly on both sides, probably you could do some packet capture on the NPS server and see if the traffic flows as expected.