cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9473
Views
5
Helpful
15
Replies

Error when trying to install windows network assistant for self provisioning

im trying to test windows self provisioning using the windows supplicant on ISE v 1.1.3 with a windows 8 laptop

I get the redirection page and can  launch the installer. I accept the cert prompts when prompted by the installer.  The network assistant keeps failing half way through with the message "secure access configuration for the SSID network failed"

Anyone else seen this?

i have tried all 4 wizards available 1.0.0.22/23/33/34 and cannot get past this error

15 Replies 15

Marcin Latosiewicz
Cisco Employee
Cisco Employee

This reminds me of:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCud05296

1.0.0.26 should have the fix, open up a TAC case, we need to look into this. 

Thanks Marcin, its actually a proof of concept we are doing on behalf of Cisco for a customer, i will need to get our Cisco rep to verify we can tac this.

is that version 1.0.0.26 available to download? I cant see it on the download portal on ise or the Cisco website?


Brian,

.34 should contain fix to what I was indicating (AFAIU). As I said - my suggestion is to dig into this via a TAC case.

M.

blenka
Level 3
Level 3

find the file and go through the page 624 to 625 & 866 to 868 the step may help you to address the solution.

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_ug.pdf

Hi Basant, i think the setup should be fine regarding those pages you suggested. we have apple ipads and iphone which can register fine

David Boos
Level 1
Level 1

Can you post the authentication logs for the device? That may be helpful.

Theres the screenshot

ise logs attached. not much there it just shows that I get stuck at the redirect to enroll as the assistant crashes. Il get a tac logged today also.

Hi,

Can you post screenshots of your windows and apple-ios supplicant provisioning profiles. Also there is a document that was written that forces java crl checks. See if this doc provides any use.

https://supportforums.cisco.com/docs/DOC-35333

Tarik Admani
*Please rate helpful posts*

Thanks Tarik, i can get through the java browser prompts ok and accept them. screen shots below. I am going to log a tac and see what happens. i will report back.

Brian,

Can you break apart your native supplicant profiles into separate policies for windows, apple, and android. I am curious to see if that changes your results. I also see that the name isnt appearing as well in the screenshot you provided. Set the OS to windows ALL. There is a bug for windows 8 users that seems to be solved with the ise 1.2 release notes and the SPW.

http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html#wp378491

thanks,

Tarik Admani
*Please rate helpful posts*

Brian,

Are you using SCEP for certificate enrollment?

Hi All,

Turned out to be an ACL issue. Someone else set it up before me so they can take the blame!

The tac engineer setup a rule to allow any any outbound from the wlc towards the client. It was mainly to allow ports 8905 and 8909 talk back to the endpoint.

He also pointed me towards this file %temp%\spwProfileLog.txt which logs the setup assistant installer in case anyone else has issues..

Thanks for all the help guys

Hi brianpmcp !

I have problem the same with you. I checked my ACL have rule allow any any outbound from WLC.

172.16.2.212 is my ise.

but when connect to open SSID (Mac filtering) and run cisco network setup assitant have error the same your error.

when I check spwprofileLog.

  

[Mon Sep 15 15:57:44 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
[Mon Sep 15 15:57:44 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN

[Mon Sep 15 15:57:44 2014] HttpWrapper::SendScepRequest - Retrying: [1] time, after: [4] secs , Error: [2]
[Mon Sep 15 15:57:48 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
[Mon Sep 15 15:57:48 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN

[Mon Sep 15 15:57:48 2014] HttpWrapper::SendScepRequest - Retrying: [2] time, after: [4] secs , Error: [2]
[Mon Sep 15 15:57:53 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
[Mon Sep 15 15:57:53 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN

[Mon Sep 15 15:57:53 2014] HttpWrapper::SendScepRequest - Retrying: [3] time, after: [4] secs , Error: [2]
[Mon Sep 15 15:57:57 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
[Mon Sep 15 15:57:57 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN

[Mon Sep 15 15:57:57 2014] Failed to get certificate from server - Error: [2]

[Mon Sep 15 15:57:57 2014]  Failed to generate scep request. Error code: [0]
[Mon Sep 15 15:57:57 2014] ApplyCert - End...
[Mon Sep 15 15:57:57 2014] Failed to configure the device.
[Mon Sep 15 15:57:57 2014] ApplyProfile - End...

Can you help me fix error.

Thanks !

profile

ACL