Solved: Re: Guest portal - Not Working on Windows 7

fveadmin · ‎01-25-2019

Hello,

I encounter the same issue as here https://www.reddit.com/r/networking/comments/4375w5/force_captive_portal_after_joining_wifi_network/

Behaviour with http redirection

The guest portal work on every devices (Android, IOS, Win10) except Win7. The guest user should use a http website to obtain the guest portal. Not acceptable, we cannot give support to all guest users using Win7. How is it working in airport, hospitals, universities, hotels ?

Behaviour with https redirection

There is a certificate warning on every devices ! Not acceptable. Some android devices tested (66%) don't allow to bypass the certificate warning.

Using WLC 8.5 and ISE 2.4 patch 5

Thanks for your help

Jason Kunst · ‎01-28-2019

I’m not sure of the issue window seven works with an HTTP site. This is the nature of the beast whenever I travel to different locations be at hotels hospitals etc. nothing works except manually trying an HTTP site most of the time

View solution in original post

Jason Kunst · ‎01-25-2019

Not sure of the issue. This has nothing to do with ise as states in reddit.

You can try giving out an http site such as enroll.cisco.com or another site and tell them to use that

Make sure if using just guest (no BYOD) that you disable captive portal bypass on your controller so the mini captive portal assistants work on Apple for example

This info is under our prescriptive guest guide at http://cs.co/ise-guides

Jason Kunst · ‎01-25-2019

Also this is a common issue I see across many places I visit and has become 2nd nature for me to try several sites as often they don’t prompt me to login.

fveadmin · ‎01-28-2019

For you and I, of course, it is part of common sense to try several sites but not for ordinary people ;-)

I found an Microsoft article -> What do you think about it ?

https://docs.microsoft.com/en-us/windows-hardware/drivers/mobilebroadband/captive-portals

Is there a solution for the issue ?

Jason Kunst · ‎01-28-2019

The article seems like Microsoft doesn’t have a fix until after Windows 7 the only thing you can rely on is having some me putting an HTTP site in

fveadmin · ‎01-28-2019

First of all, thank you for your answer Jason.

Like in airports, universities, etc... we do not have contact with the guest users. Thus, impossible to communicate they should use http site. Furthermore, we are in a BYOD environment and do not have access to the customer OS.

If I can resume the case :

The issue is still there -> Windows 7 is not displaying the guest portal (because it is not redirecting https) except if the customers change by hand the URL which is not acceptable
If we activate the https redirection, firstly the performance can be impacted, secondly it is not recommended on our WLC (cannot be ugraded to 8.7), and finally there is a Cert Warn which is not acceptable for the customers and not supported on some Android devices.

If you use the guest portal in the airports, hospitals, you don't get any issues neither with Win7 nor with Cert warn. How can they manage it ?

Thank you for your help

ldanny · ‎01-28-2019

The Cert warning is due to ISE being a self signed Certificate and the endpoint not recognizing the Cert being from a known Authority.

You would need to purchase a certificate from a known CA to avoid that .

fveadmin · ‎01-28-2019

We are using a wildcard generated from a known CA. To avoid a man in the middle, the browser is displaying a Cert Warn -> example : if the certificate on ISE is *.yourdomain.com and the first page the browser tries to access is google.com or yourcompanywebsite.com, you get an cert warn.

Jason Kunst · ‎01-28-2019

There is no way around this. It’s the nature of https

If you don’t want this then disable https redirect

This is explained in the prescriptive guest guide under http://cs.co/ise-guest

fveadmin · ‎01-28-2019

Yes right. I understand it well but with the https redirect disable, I get this behaviour describe on the first post

Behaviour with http redirection

The guest portal work on every devices (Android, IOS, Win10) except Win7. The guest user should use a http website to obtain the guest portal. Not acceptable, we cannot give support to all guest users using Win7. How is it working in airport, hospitals, universities, hotels ?

Any solution to make Win7 work with http redirection ?

Jason Kunst · ‎01-28-2019

I’m not sure of the issue window seven works with an HTTP site. This is the nature of the beast whenever I travel to different locations be at hotels hospitals etc. nothing works except manually trying an HTTP site most of the time

fveadmin · ‎01-28-2019

thank you for your help and time

Jason Kunst · ‎01-28-2019

I have seen many systems out there and unfortunately nothing is perfect. As you can see the newer operating systems fixed this with their captive assistant intelligence

Damien Miller · ‎01-28-2019

And to be fair, Windows 7 went end of life, we should be seeing less and less of it each day. But we know how that goes, XP is still out there.

I was expecting this thread to be about the redirect not working at all, at least it still works. A great way to ruin my day is have a defense contractors IT department disable all web redirection on their laptops. I've yet to find a way around that.

fveadmin · ‎01-28-2019

Windows 7 = 37.89% of the desktop OS market share for November & December 2018. It is still significant.

https://www.netmarketshare.com/operating-system-market-share.aspx?options=%7B%22filter%22%3A%7B%22%24and%22%3A%5B%7B%22deviceType%22%3A%7B%22%24in%22%3A%5B%22Desktop%2Flaptop%22%5D%7D%7D%5D%7D%2C%22dateLabel%22%3A%22Custom%22%2C%22attributes%22%3A%22...

Windows 7 is still supported till January 14, 2020. One more year to hear my customers complaints and I guess many other have this issue.

https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet