Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
484
Views
0
Helpful
2
Replies

ISE 3.3 Patch 2 with NDFC - Internal User gets disabled

Go to solution
teDan
Level 1
Level 1

‎08-28-2024 03:10 AM

ISE 3.3 Patch 2 with NDFC - Internal User gets disabled
Hello all,

we have an issue with an internal user on ISE which always gets disabled after some time. Or rather NDFC can not authenticate with a given user anymore.

This user is used by Nexus Dashboard Fabric Controller to discovery nexus devices. At first discovery and management works but after a period of time the user will be disabled. According to ISE authentication fails because of an invalid shared secret or password. And afterwards because of our policies, the user becomes disabled.

Since discovery and management of the devices worked before and nothing was changed, I am rather clueless what might be the reason for the failed authentications.

This issue also appears with an internal user for Prime. But here it will take more time until this user will be disabled.

Changing the password or recreating the user does not work. Authentication policies should be okay.

Do you have any suggestions what might be the reason?

Thanks in advance!

Kind regards,

Daniel

Labels:
Preview file
58 KB
Preview file
25 KB
Preview file
70 KB
Preview file
123 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
teDan
Level 1
Level 1

‎09-02-2024 03:49 AM

Hello,

the issue was on NDFC. Somehow it uses wrong passwords for whatever reason. I restarted and and clean-wiped it and so far the issue disappeard.

Greetings.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
marce1000
VIP
VIP

‎08-28-2024 03:42 AM

 

  - For the time being I would start by disabling these settings after lock out actions and disabling after a number of login attempts (during  a test period).  For the rest you have https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/212594-debugs-to-troubleshoot-on-ise.html
  which might help looking into ; when choosing logs to start with , you may start by those related to authenticating uses, 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
teDan
Level 1
Level 1

‎09-02-2024 03:49 AM

Hello,

the issue was on NDFC. Somehow it uses wrong passwords for whatever reason. I restarted and and clean-wiped it and so far the issue disappeard.

Greetings.

0 Helpful
Customers Also Viewed These Support Documents