Solved: Guest Portal URL from seconday ISE not working

lupingyao · ‎06-18-2018

Hi,

I have 2 ISE(Primary and Secondary) with version 2.2. I find, when I am in "Guest Portals" to do "Portal test URL", it will open the Guest portal from secondary ISE and the Website is not reachable. The Guest portal from Primary ISE is working very well.

I think, the 2 Guest portal Website should work (nothing to do with Primary or secondary?), has anyone one idee?

regards

Robin

lupingyao · ‎06-26-2018

Now I found the Problem, the admin installed the wildcard certificate for the Gastportal URL, but the Wildcard Certificate did not actived for portal in secondary.

thanks a lot @abraham!

View solution in original post

ajc · ‎06-18-2018

The portal is configured on Primary PAN and the info replicated into secondary PAN and PSNs. The actual portal operation/service is provided by the PSN's. So the question is, do you have PSN persona configured on both ISE nodes?

lupingyao · ‎06-20-2018

hi Abraham,

thanks for the response.

there are just 2 Maschine(one Primary and one Secondary they are both service Node), Secondary is standby. no PSN persona.

regards

Robin

ajc · ‎06-20-2018

Post an screenshot of the deployment.

ajc · ‎06-20-2018

If you are accessing the guest portal from here (see below), the URL points to ANY of the PSN in the deployment so the opened browser shows something like:

https://PSN-IP:8443/portal/PortalSetup.action?portal=10be2e90-8001-11e5-b027-3440b5d4e810

As I said before, post a deployment screenshot.

lupingyao · ‎06-20-2018

Hi Abraham,

thanks!

my Problem is:

I try to do the Portal test URL,it shows me the Portal URL from secondary ISE and i can not open the web site, i got "the website is not connected". User can just use the Portal URL from Primary. the both Portal URL were working before, now just the Primary, that confuse me.

Regards

Robin

ajc · ‎06-21-2018

Copy the URL from the displayed browser when you clicked TEST URL button in the Guest Portal and change the IP by the Secondary one and post the results. I am still waiting an screenshot from your deployment.

lupingyao · ‎06-22-2018

Hi Abraham,

you will find the screenshot in atachment. the 192.168.14.5 is primary and 192.168.14.6 is secondary. when I click the URL TEST button, it goes to secondary and show me the website is not connected.

regards

Robin

ajc · ‎06-22-2018

I suspect you are hitting a bug. What version are you running?.

If it is possible on the secondary node, run: application stop ise, wait until all the services are stopped (around 3-5 minutes) and then run: reload to reboot the server. After that try again to run the guest portal using the URL.

lupingyao · ‎06-25-2018

Hi Abraham,

the version is 2.2 Patch 8, I saw there is new Patch 9 from last week, i will try to install it and try again.

Regards

Robin

lupingyao · ‎06-26-2018

Now I found the Problem, the admin installed the wildcard certificate for the Gastportal URL, but the Wildcard Certificate did not actived for portal in secondary.

thanks a lot @abraham!

ajc · ‎06-26-2018

Nice catch, I missed that part. However, I am wondering if you mean by wildcard a SAN Certificate instead of a wildcard one. I only use wildcard cert for 802.1x as suggested by Cisco in the following screenshots (aaron woland cisco expert). In any case, SAN or Wildcard cert must be loaded to each PSN node in the deployment using Primary PAN.