This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
After testing some BYOD options, I was toying around with the guest services deployments.
I've removed all profiles/certs from the endpoint, removed the client from the BYOD Registered device, however, when the client tries to log in after being sponsor approved, this message is displayed
"Endpoint is already registered to another user"
I've disabled the "automatically register devices" and that stops the automatic error message, but now clients are not put into the "GuestEndpoints" group. So they are forced to click "enable registration" to get them into that GuestEndpoints group which I use to denote that a client has registered.
Once they click "register device" they see the error ""Endpoint is already registered to another user"
So i'm stuck either way.
Ipad, Iphone and Android tested on ISE 2.1 patch 1
Solved! Go to Solution.
"After testing some BYOD options, I was toying around with the guest services deployments."
The client was used for BYOD testing, then we wanted to test some guest options.
I removed it as a registered device group, but when the guest system is set to "automatically register devices" it throws the error about the system. I can indeed add the system MAC manually as a GuestEndpoint and then my guest flow works but my question is if i've hit a bug or why a pre-registered BYOD system, once removed from the Registered Devices is not able to be a guest.
Do we expect that we may never see a previously registered (then removed) BYOD device become a guest?
I understand what you were doing, my only point is that it's still in the endpoint database even though you removed it from the byod group, Did you delete the endpoint completely from ise?
I agree It could happen that a byod device later goes through guest but think the use case is rare
Can you advise how to remove it "completely" from ise?
I made the assumption removing it from the RegisteredEndpoints would allow it to be registered.
What happens if I have a registered device, that employee leaves and it was provided to someone else to use as a Corporate Device that is registered?
In ISE 2.2 and perhaps 2.1 Context Visibility > Endpoints
Administration > Identities > Endpoints
For your use case perhaps they have to handle how to transfer assets as it wouldn’t be registered to the correct person any longer
"Administration > Identities > Endpoints"
This purges the system from the Database whereas removing from the RegisteredDevices does not?
Is there any other options I need to look at as I'll have time in the morning to test this out.
Correct, that should be it, make sure you remove the profiles from the endpoint, forget any SSIDs, turn off the wirlesss, clear the wireless session and then delete the endpoint from the database, that would be a clean guest endpoint coming in
Remove from registered devices just removes it from the group not from ISE database.
Confirmed the following
Deleting from the group as RegisteredDevices doesn't fix the problem
Deleting from Context>Endpoint does indeed solve the problem