I tried just that, and it came up with the portal page, My tester couldnt create an account, this was because I hadnt added any sponsor groups from AD,

Now, he can log in and create a guest account, I am at the last hurdle! the guest he created could not log in though?

Thanks for replying, if I can get this last bit working, I will be a happy chap!

Logs say "Guest Status - AWAITING_INITIAL_LOGIN"

do these created guests need to be put somewhere?

You cannot check Guest accounts in ISE. The only way to check is to have sponsor login and check on sponsor portal.

Regards

Gagan

ps: rate if it helps!!!!

he tried to login as the newly created account, and it said authentication failed?

You mean, created guest account from sponsor portal doesn't work.

Did you get any error on ISE in reports.

correct, My sponsor, logged into the portal and created an account, no problem.

we then tested the account from another machine, but it gets authenticating failed... we have double checked the credentials..

no error on the ISE, cant even see anything attempting.. which is odd.

Check under Operations > Report > Guest.

You will find My devices Login and audit.

Check if you are able to see some record for it.

No record of the newly created username trying... most bizarre!

All seems to be fine now, one rule had a "reject reject" so I moved my guest rule above it, all seems to be great, thank you for your time and patience. I hope the new unit I am doingi tomorrow will be easier! its going to be a secondary node after all

Glad to hear that:).

Regards

Gagan

Check the identity store sequence under

Administration > identity management > Identity store sequence.

Also in Authentication rule, which store is selected.

Regards

Gagan

I have used the default sequence:

Guest_Portal_Sequence - Internal Users, AD1, Guest Users. All_AD_Join_Points

Auth Rule, there are a few as I had to copy what I could from the old ISE 1.1.1

Please see screen shot:

Thanks so much for the assist...