Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1545
Views
0
Helpful
11
Replies

Identity Services Engine Initialization Error

Grayson Wells
Level 1
Level 1

‎10-10-2012 10:35 AM - edited ‎03-10-2019 07:39 PM

I have been working with TAC and other's at Cisco to resolve this problem, and also have a case open with the developers. However, I thought it might be a good idea to open it up to you all to see if you had encountered this problem in the past.

I am running ISE 1.1.1 and when my BYOD devices join the SSID I get a white page that just says there was an internal error and to consult my system administrator or the logs. The process is this. The user selects the SSID (FlexConnect AP, centrally switched), they are prompted for their AD credentials, when authenticated they are redirected to the supplicant provisioning process (self provisioning portal). I know the config is correct because I have had people above at Cisco (above TAC) helping me configure this. However, when they get redirected it simply shows the afore mentioned white error page. If you look in the logs it says it is an initialization error. Has anyone ever had this problem?

Labels:
0 Helpful
11 Replies 11

Grayson Wells
Level 1
Level 1

‎10-10-2012 10:44 AM

If no one on here knows the answer then I will just post the fix from the develops for future reference.

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni
In response to Grayson Wells

‎10-10-2012 10:47 AM

Which device are you trying to provision? Microsoft supplicants or your mobile devices? I know Cisco just released some updates to their windows supplicant provisioning wizard.

Just as a heads up most ISE threads are posted in the AAA forums.

Thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful

Grayson Wells
Level 1
Level 1
In response to Tarik Admani

‎10-10-2012 10:49 AM

Good point, thanks!

0 Helpful

Grayson Wells
Level 1
Level 1

‎10-10-2012 04:11 PM

I am provisioning an iPhone and an iPad, but the problem isn't client related. I have isolated the problem to the fact that the session ID isn't being passed properly. If I don't include "sessionId=SessionIdValue" in the url redirect then it loads the page. It just doesn't have my session information so obviously the authentication is broken. When I include the session attribute in the URL, it breaks and gives me the internal error page.

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni

‎10-10-2012 05:40 PM

Have you checked to see if cookies are enabled. Also check and see if the autofill in safari browser settings are diaabled.

What url do you receive at the end (action=nsp)?

Sent from Cisco Technical Support Android App

0 Helpful

Grayson Wells
Level 1
Level 1
In response to Tarik Admani

‎10-10-2012 05:52 PM

Yes auto fill is disabled and cookies are enabled for visited sites.

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni

‎10-10-2012 06:59 PM

What version ISE are you on? Also if you set the policy to cwa do you get redirected sucessfully?

Also in your acl for nsp are you allowing full ip connectivity to ise?

Can you post your url? And your acls? Are you sending back the airespace acls along with the acls with the webauth in the authorization policy?

Sent from Cisco Technical Support Android App

0 Helpful

Grayson Wells
Level 1
Level 1

‎10-10-2012 07:08 PM

It is ISE version 1.1.1. Yes I have the acl in correctly including sending back as the airespace acl. The acl is simple and has full IP connectivity to ISE. I am not using the cwa option. I am using peap with AD as the identity store. Once that authenticates it uses an authorization policy that redirects to nsp. Cwa is one way of doing it but that is not the way we do it because that would redirect you to the guest portal and we are redirecting to the self provisioning portal.

Sent from Cisco Technical Support iPhone App

0 Helpful

Grayson Wells
Level 1
Level 1

‎10-10-2012 07:09 PM

So to clarify. I am not using my own URL, I am using the URL that is used when you select the supplicant provisioning option under web auth.

Sent from Cisco Technical Support iPhone App

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni

‎10-10-2012 07:13 PM

I understand I wanted to see if you could get the redirect via cwa to work ok since that uses session id in the url also.

Are these devices running ios6 or are they on ios5? I wonder if the user agent changed which is causing some confusion as to which wizard ise needs to use.

Sent from Cisco Technical Support Android App

0 Helpful

Grayson Wells
Level 1
Level 1

‎10-10-2012 07:16 PM

Yeah, I have done that just to see what would happen. It just sends you the guest portal. It doesn't log you in with the credentials you already submitted, but it doesn't present an error either. The iOS 5 versus 6 is an interesting note. I haven't verified that.

Sent from Cisco Technical Support iPhone App

0 Helpful
Customers Also Viewed These Support Documents