Cisco Network Setup Assistant App

azielenski · ‎02-06-2023

Hello everyone,

We leverage ISE for AAA and the Cisco Network Setup Assistant App from the Google play store for provisioning of certificates on non-iOS devices. The devices are able to provision and function on the network just fine for about ~30 days. Around the 30 day mark (its never the same amount of days, just that its around 30 give or take a few) the phone no longer automatically connects to the network when a user arrives on-site. They have to re-provision the phone from scratch. At the time of the issue, the Setup Assistant App has the following error "unable to detect Server. Please ensure network access device is configured to redirect enroll.ciso.com to ISE." The certificates are also missing from the device. We have disabled the local setting on the phone "remove app permissions after 30 days of inactivity" and no luck what that. Verified the app is updated to the most current version. This feels like a local setting/issue with the Android devices. I'm curious if anyone else has noticed this issue or if anyone might have some ideas on what to look at to mitigate, thanks in advance!

Rodrigo Diaz · ‎02-07-2023

hello @azielenski , I would verify firstly if the device that has completed the BYOD process is still registered in the ISE side and that has not been purged, the device should be within the endpoint identity group "RegisteredDevices" if using the default configuration, next I would check the certificates If ISE issues the certificate you will see if the certificate has some problems in Administration>System>Certificates>Certificate Authority > Issued certificate .

In any case you can review the spw.log in the supplicant , this might give you further insight of what's happening with those devices , that log is allocated within the supplicant in /sdcards/downloads/spw.log

Let me know if that helped you.