cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
224
Views
0
Helpful
1
Replies

Failed Identity Sync Status in ISE with integrated DUO

a.maldonado
Level 1
Level 1

Hi, I hope someone can help me solve a Failed Identity Sync Status when trying to enable the DUO functionality in ISE v3.3.

I recently upgraded ISE from v3.1 to v3.3 and applied patch 3. I was then made aware of a bug in patch 3 and was asked to apply the hot patch ise-apply-CSCwk79546_3.3.0.430_patch3-SPA.tar, which I did with no problem.

I then follow the instructions in this document to the letter. https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-33/221232-configure-ise-3-3-native-multi-factor-au.html

However, at the end of this process I ended up with a Failed Identity Sync Status in the Identity Sync of the External Identity Sources.

When I pasted the keys and API name from DUO and tested the connection it said the keys were valid.

Please also note that the previous way of using DUO is still enabled. We are still using the external Proxy. I didn’t disable this way because I wanted to test the integrated DUO first.

ISE still has connectivity with our domain controller which is why the policy sets are still working with the groups originally imported.

Can someone help me understand why the Failed Identity Sync Status message please and or how to troubleshoot it.

When I click on the FAILED output it says No Data Found.

Configure Identity Sync. This process synchronizes users from the Active Directory groups you select into Duo Account using API credentials provided earlier. Select Active Directory Join Point. Click on Next.

<