02-17-2014 01:11 AM - edited 03-10-2019 09:24 PM
I have configured ISE High Availability with two ISE virtual servers.
While testing HA I powered off primary server, after powering off primary server secondary ISE becomes active but not able to authenticate any clients.
ISE supposed to authenticate following types of clients.
1. Dot1x AD authentication
2. Guest user CWA
3. Mac authentication
While trying to connect client with dot1x authentication it is giving following error.
“5440 Endpoint abandoned EAP session and started new”
According to following cisco link this is a bug which is not fix in ISE 1.2.
https://supportforums.cisco.com/thread/2244163
Kindly check attached file for error screenshot.
While connecting guest users it is giving following message for all guest users but no user is able to connect guest network.
“Authentication succeeded”
“session state is authenticated”
02-17-2014 03:10 AM
This issue mentioned is for previous release of ISE and i would suggest you to installed the latest patches. Also do mention the ISE release built number.
Check the link for updates and new releases and troubleshooting(resolution)
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/release_notes/ise12_rn.html#wp326805
02-17-2014 03:20 AM
ISE Info.
Version | 1.2.0.899 |
Installed Patches | 2 |
Product Identifier (PID) | ISE-VM-K9 |
Version Identifier (VID) | V01 |
Serial Number (SN) | 8G8L9C6N5PP |
ADE-OS Version | 2.0.5.250 |
02-17-2014 04:10 AM
Installed ISE 1.2 patch 5 still not working.
02-17-2014 05:22 AM
do you have a Cisco TAC opened for this? If so, what is the TAC case number?
I am very interested in the solution as well because I have a similar setup like yours but I am seeing any issues, YET :-)
02-19-2014 02:23 AM
After configuring fallback on 5760 controller everything started working properly.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide