CSCwn93753 - ISE 3.1p10 External RADIUS Server authentication fail

sysadmin · ‎02-08-2025

Any updates on this ? We are faced with this after patching our ise cube with 8 nodes to patch 10 and then DUO MFA ios showing this error now When is the workaround expected ? In the worst case can we rollback one of the psns used as primary for vpn to patch 7 , and keep the others on patch 10 , kindly advise

gregmoyse3 · ‎02-10-2025

Hi, I'm a little stuck on what to do with this as the whole point of the patch was to resolve potential Windows certificate authentication. Will this bug also appear if I upgrade to the latest version of ISE? It is bad enough rolling back a patch, let alone downgrading?

Bo Urskov · ‎02-11-2025

I have a TAC Case on this problem and just got a hotfix to P10 that should fix this issue... I'm currently installing P10 and hotfix to a customers PSN, so I'll know if it works in a few hours and let you guys know... If it works as expected, you'll probably need to create a case to get the hotfix as it is not yet on software.cisco.com download page...

Cheers

Bo Urskov

CCIE#60868

Bo Urskov · ‎02-11-2025

I can confirm the hotfix is working, so External RADIUS is functional in ISE 3.1 Patch 10 again...

Reach out to TAC to get the hotfix file until it is available for download...

Cheers

Bo Urskov

CCIE#60868

ian r · ‎02-13-2025

Hi Bo,

If the hotfix is applied to a PSN, will the PSN fall out of deployment due to version mismatch or does it remain connected?

Cheers,

Ian

Bo Urskov · ‎02-17-2025

It remains a part of the deployment without any issues...

james.kuo · ‎04-15-2025

Hi all,

We are facing the same issue with an update to patch 10.

I raised a case to TAC support. This issue is currently hit by the Bug ID(CSCwn93753),

TAC will give you two hotfix(hotfix and rollback) files and some steps to fix it.

James Kuo
HsinChu, TAIWAN