Go to your sponsor portal page, click on the PORTAL TEST URL and post the results including the URL on your browser. (see screenshots).
The default 2.3 ISE URL for Sponsor portal is giving me a different port based on page configuration (see screenshots next).
You are not answering to my questions:
-Post your sponsor portal configuration including the FQDN value (no matter if it is blank).
-Click on the TEST URL of your sponsor portal. (I am not sure if you are using the ISE Default Sponsor Portal or configured a customized one).
-Check that sponsor portal URL on your dns is pointing to the PSN's NOT the Primary/Secondary PAN.
By default Sponsor portal uses 8445 on version 2.3 as you saw in the screenshot.
ISE 1.3 used port 9002, later versions switched to 8443 or 8445 based on my understanding. In any case, take a look on the following links as well:
On my 2.2 deployment, the sponsor portal URL is the FQDN value indicated in the Sponsor Portal page (see previous screenshot). ISE translates that FQDN into something like this:
My DNS server resolves the Sponsor Portal URL into the F5 VIP IP so I can load balance all the Sponsor Portal request to any PSN. (another option like Round Robin DNS probably works when LB is not being used)
There are two way to access the sponsor admin portal based on what I learnt.
The sponsor admin portal with port 8443 will ask a username and password before to access.
The sponsor admin portal with port 9002 will not ask a username and password before to access.
We solve the issue after we restart many time the service.
You are right, there are 2 mechanisms to access Sponsor Portal. One from Primary PAN which displays in a parallel browser opened the URL link you mentioned. That happens when you click on the MANAGE ACCOUNTS BUTTON (The detail with that link is that you are actually LOGGED IN the Primary PAN so I would expect a failure like the one you experienced again because this link still involves a login process based on my understanding which does not happen if you try to access sponsor portal directly using the URL). See screenshots next.
I consider the proper way to access Sponsor Portal is using the corresponding Portal on port 8443 (login required) with the proper FQDN configuration as I mentioned in the previous notes because that is a regular flow on ISE.