07-29-2014 12:05 PM - edited 03-10-2019 09:54 PM
We put ISE into bypass mode due to the 2012 R2 issue and after upgrading to 1.2.1 in ISE, and taking it out of bypass. i am seeing machines fail due to either "supplicant stopped responding" or it fails saying not found in Identity Stores. The only thing that fixes it is an auth open on the port. at first they would report the MAC as the username instead of the Machine name. Now i see them reporting the machine name correctly but with a fail message of "supplicant stopped responding". TAC has said its a local machine problem or GPO but nothing has changed on either one of those, the only change was ISE. I did as he suggested, stop/started wired auto config, no change, also downloaded some hotfixes from MS for various EAP issues, no change.
What ever info you need, let me know. i know this is a huge area to try to troubleshoot.
07-29-2014 02:10 PM
Will need some more info:
1. What type of authentication are you performing? (EAP-PEAP, EAP-TLS, etc?)
2. Can you post screen shots with the supplicant's configuration
3. Screen shots of the failed authentication detailed screen
4. Screen shot or export of your authentication/authorization rules
5. What is the status of ISE's connection to AD? I have seen it go to joined but disconnected after upgrade
Thank you for rating helpful posts!
07-30-2014 12:25 PM
I'm almost sure this is a Windows problem or a physical cabling problem. I was troubleshooting such issues for a long time.
This means MAB process started because no EAP frame arrived.
09-18-2014 09:48 AM
http://support.microsoft.com/kb/980295/en-us - works for me!
11-16-2014 11:43 PM
Here is the helpful video :
http://www.youtube.com/watch?v=bjH99xKepLY
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide