cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

348
Views
0
Helpful
12
Replies
Highlighted

ISE 1.2 Patch 7 possible guest CWA bug

Just upgraded an ISE implementation to patch 7 and discovered that the patch broke the CWA guest portal on wireless. I haven't tested wired CWA but wireless is busted.

In summary the redirection works fine but when you enter valid guest credentials nothing happens including no logs on ISE. If you enter credentials that don't exist in the guest group you get a failed authentication and the corresponding log. As soon as I rolled back to patch 6 everything worked again.

 

If any TAC engineers see this feel free to pursue it - I would log a case but the kit is NFR and I can't be bothered going through the process of logging a job on NFR kit.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

please check CSCuo16503

please check CSCuo16503

View solution in original post

12 REPLIES 12
Highlighted
Beginner

Have you tried different

Have you tried different browsers? I've tested the patch 7 and my custom guest portal works as it should. Try firefox and see what it does. I've seen the latest IE give different errors on the guest portal.

Highlighted
Participant

I was working on this issue

I was working on this issue with Steve and with both Mac & PC and a variety of browsers we were getting the same issue. When you click submit on the guest login page, it reloads the same page and wipes the username and password fields. Nothing is showing in the authentication page. If the guest user types a wrong username/password then they receive the error page and this shows up on the admin portal.

Highlighted
Beginner

Hi Joe,Is this issue apparent

Hi Joe,

Is this issue apparent when guest users are required to change the password? I had the same issue and a rollback to patch 4 and upgrade to patch 6 fixed it for me.

I am still having problems with the custom portal though.

Highlighted
Participant

No, We don't force users to

No, We don't force users to change password. We rolled back to patch 6 and left it for the moment.

Highlighted
Beginner

Are you using a custom portal

Are you using a custom portal?

Highlighted
Participant

Just the standard portal.

Just the standard portal.

Highlighted
Participant

Tried re-implementing patch 7

Tried re-implementing patch 7 and it broke guest portal again so rolled back to patch 6 and all is good. We have 1,5,6 and 7 on the server.

Highlighted
Beginner

Hi, I'm experiencing similar

Hi,

 

I'm experiencing similar issues with patch 7. I am actually using a custom portal, which was working fine in patch 4 - after upgrading to patch 7 to fix a Web Posture bug, the portal would randomly push out pages from the Default Portal (I.E. Device Registration when I had no self provisioning flow enabled). Now, I am getting the error in the attachment after the user accepts the AUP.

 

The standard portal is working fine, except for a bug with the "Require Users to change password at login" option. When users try to change their password at first login, the portal errors out and I get an error in the Authentication Logs. However, the password is changed successfully. This issue is apparent since installing patch 7.

Highlighted
Enthusiast

the guest portal in Patch 7

the guest portal in Patch 7 is working fine. Please check the different browser and share the screen shoot of error.

Highlighted
Beginner

Hi, The problems I am

Hi,

 

The problems I am experiencing are only apparent in a particular deployment, which has gone through ISE 1.2 -> Patch 4 -> Patch 7. I have tried to reproduce it on a fresh ISE setup (with the same patch succession) using the same custom web portal, but everything works as it should.

The error is: https://supportforums.cisco.com/sites/default/files/attachments/discussion/ise_error.jpg

 

Thanks!

Highlighted
Cisco Employee

please check CSCuo16503

please check CSCuo16503

View solution in original post

Highlighted

I think that bug you

I think that bug you reference is almost an exact match for the issue, except we aren't allowing password change. Overall though I think that bug answers the question. Despite seeming like a minor issue it is actually a major issue for the bulk of deployments I have a done meaning I can't feasibly upgrade to 7. Hopefully patch 8 addresses some of the multitude of issues that seem to be affecting ISE 1.2 at present.