Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7049
Views
10
Helpful
15
Replies

ISE doesnt send Guest accounts via Email

Manish Patel
Level 1
Level 1

‎01-30-2013 07:36 PM - edited ‎03-10-2019 08:02 PM

HI

I have come across an issue in ISE1.1.2.

once i create a guest account, and click on email, i get the below error

i have patched version 1.1.2 to the latest patch 3

i have also configured teh sponsor portal customisation email address.

           

ISE reports "Internal Error encountered. Please contact administrator or help desk"

anyone have any suugestions?

Labels:
Preview file
13 KB
0 Helpful
15 Replies 15

nspasov
Cisco Employee
Cisco Employee

‎01-30-2013 07:44 PM

Hmm that is strange. I just configured this today on the same version and worked just fine. Can you please confirm that you have:

1. SMTP configuration completed in the ISE admin node

2. Have defined an e-mail address in the sponsor portal (under settings)

3. Allowed the ISE node to use your SMTP relay

Thank you for rating!

0 Helpful

Manish Patel
Level 1
Level 1
In response to nspasov

‎01-30-2013 07:58 PM

Hi Neno

i have configured an SMTP server on ISE admin, i have created a default email address ( sponsor@xyz.com.au). i have got an email address in the customization page of teh sponsor portal ( user@xyz.com.au).

One thing i just tried was when i create a guest user with an email address of user@xyz.com.au , that worked fine. but if i configure a guest user with an email address of user2@abc.com.au , this is when i get the error message.

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to Manish Patel

‎01-30-2013 08:41 PM

Hmm perhaps a bug then...I can test this in my lab when I return but I had 4 accounts generated and they all worked with no problems. Are you using valid e-mail addresses or some not real ones?

0 Helpful

Manish Patel
Level 1
Level 1
In response to nspasov

‎01-30-2013 09:10 PM

i am using valid email addresses for both the guests and sponsor

0 Helpful

David Niemann
Level 3
Level 3
In response to Manish Patel

‎01-31-2013 02:38 PM

I'm having the same issue, but it does appear to be sending the emails in my case.  The error is pretty generic and doesn't indicate what the actual issue is.

0 Helpful

Manish Patel
Level 1
Level 1
In response to David Niemann

‎01-31-2013 04:06 PM

what i found out was that if teh sponsor email and the guest user email are on the same domain , then the email works. if sponsor email is on xyz.com and guest user is on abc.com  , then both of them dont get emails.

Anyone come across this or is it a bug..on version 1.1.2

0 Helpful

David Niemann
Level 3
Level 3
In response to Manish Patel

‎02-18-2013 01:07 PM

That matches up with what I am seeing too except the sponsor always seems to get the email.

0 Helpful

descalante2007
Level 1
Level 1

‎02-06-2013 01:09 PM

I was with the same issue by several days. I set SPAN in the switch port to monitor SMTP on the ISE port and I saw an authentication message. "530 5.7.1 Client was not authenticated". With this info I realized the ISE was sending and the Exchange Server was dening the service.

It is working now, but I still have a question:

When I create new accounts, the email with username and password should be sent inmediately or the Sponsor must send it manually selecting the user from the main list and clicking on Send Email ... ??

jan.nielsen
Level 7
Level 7
In response to descalante2007

‎02-18-2013 03:29 PM

These problems all sound like your exchange server is not allowing the ise to do relaying.

0 Helpful

elaverriere
Level 1
Level 1
In response to jan.nielsen

‎02-20-2013 08:33 AM

Jan, so in an environment where Exchange restricts IPs that are allowed to relay mail, do you need to add all of the ISE PSNs for sponsor, and PANs for Alerting, or does ISE use the PAN IP for all messages?

0 Helpful

jan.nielsen
Level 7
Level 7
In response to elaverriere

‎02-20-2013 02:27 PM

I'm not 100% sure if PSN's will be used for sending email, you should probably add all ise servers to the relay allow list just to be on the safe side.

0 Helpful

Nicholas Copeland
Level 4
Level 4
In response to jan.nielsen

‎06-04-2013 11:54 AM

Did anyone find a fix for this or know if it is a bug? I am running into the same issue. Can send emails to users on the same domain but not to users on a different domain. However, if I manually send the emails through a telnet session from the ISE appliance I am able to send the emails.

0 Helpful

Octavian Szolga
Level 4
Level 4
In response to Nicholas Copeland

‎06-10-2013 01:04 AM

I'm experiencing the same issue.

Right now, ISE does not support SMTP authentication as a global setting so that one can send emails for guest/contractors using a secure SMTP server.

In my particular case, adding an exception to the SMTP server that allow ISE to send emails without beeing authenticated is not a option. The customer will simply say that ISE - as a security platform - should have a SMTP authentication tab and sending email wihout any form of authentication is a security breach.

The same thing applies with proxy settings. There is no tab or checkbox for proxy authentication settings...

0 Helpful

ajc
Level 7
Level 7
In response to jan.nielsen

‎10-13-2015 11:32 AM

Facing the same issue today. I realized that I only had part of my PSN's into the Exchange Relay List so I just added into it and done. Everything is working fine now.

Customers Also Viewed These Support Documents