
ISE BYOD Error: "We are unable to determine access privileges" on redirect

I am running ISE 1.1.1 and have gone through the design guide and set up the certificate-based wireless authentication and device registration process using the ISE as a SCEP proxy for handing out certificates. On the device registration portal, instead of showing the device MAC, the policy services node MAC shows up and I get an error that says "We are unable to determine access privileges in order to access the network. Please contact your administrator."

Then an hour later I can connect just fine. The authentication logs on ISE are exactly the same in both cases. So it seems like a bug. I opened a TAC case but am also posting here.

Tarik Admani


I noticed this if I was going to a cached page. If I browse to a new page that hasn't been redirected, like Google, then eBay, or ESPN, it works fine. I saw this only once, but I haven't tried it in a couple of days since then.

Good luck.

Tarik Admani
*Please rate helpful posts*

I am seeing this a lot.  Tarik, I took your advice and tried to go to a new page instead of one that could be cached, but it didn't help...

Curiously, the ISE server's MAC address is filled in when I get this error.

If TAC gets you an answer please do share...

I haven't opened a TAC case and haven't seen this issue since I first set this up.

Can you go to your devices portal (https://ipofise:8443/mydevices), log in using your credentials, and see if the device is registered or the status is set to lost? I would suggest deleting it if it is there and trying the process again.


Tarik Admani
*Please rate helpful posts*


After the registration process goes through, which it eventually does, it receives a certificate and then authenticates with EAP-TLS, and I don't get the message.

The MAC shown is the policy services node.


Hey bkepford, I'm having the same issue as you. I got the same error when I log in to the guest portal. Did you find a solution for this?
