01-03-2019 09:36 AM - edited 03-11-2019 01:53 AM
Hi Guys, I've an ISE Deployment with 4 nodes
node 1 is the primary admin and secondary mnt node
node 2 is the secondary admin and primary mnt node
node 3 and 4 are PSN only nodes
We need to deploy Sponsor portal in this environment and by default ISE redirec authentication requests on node3 with an URL like: https://node3_ip:8443/sponsorportal/PortalSetup.action?portal=40963c00-2e02-11e8-ba71-005056872c7f
If I specify in the Sposor portal configuration an FQDN the redirection is correctly done on the FQDN instead of use the IP address.
Unfortunately We receive the following an error after the Sponsor authentication process (see ISE-Sponsor-Error.jpg file attached)
If I enable PSN role on node 1 and I redirect sponsor portal on that node, everything works fine.
Any suggestion?
Thanks
Gabriele
Solved! Go to Solution.
01-03-2019 10:51 AM
What version of ISE is being used? There was a bug logged for 2.4 that can result in a 400 bad request, fixed in 2.4p3+.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm17749
Are the PSN's behind any load balancers?
01-03-2019 10:26 AM
01-03-2019 10:36 AM
01-03-2019 10:48 AM
01-03-2019 11:21 AM
01-03-2019 10:51 AM
What version of ISE is being used? There was a bug logged for 2.4 that can result in a 400 bad request, fixed in 2.4p3+.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm17749
Are the PSN's behind any load balancers?
01-03-2019 11:23 AM
09-12-2019 09:00 AM
@Damien Miller wrote:What version of ISE is being used? There was a bug logged for 2.4 that can result in a 400 bad request, fixed in 2.4p3+.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm17749
Are the PSN's behind any load balancers?
Hi Damien,
We are currently on patch 8 and having this problem with guest portal. Plus our PSNs are behind a load balancer. The guest portal DNS actually resolves to the VIP of the load balancer. Is it a good idea to have load balancer for guest portal considering this is sessionized ?
12-15-2019 09:45 PM
I am having the same issue on a two node deployment 2.4 patch 9 but can only be seen on the secondary ISE. Tried the steps
below but resulted to the same issue:
1. promoted secondary ISE to primary.
2. restarted the ise application server.
anyone was able to resolve this?
01-24-2020 12:40 PM
It seems this issue is persistent regardless of patch and it's tied to SSO. Once SSO is disabled, there is no 404 bad request error. In my deployment, once I enable SSO, I don't have the error, but many users get the error. I have opened a TAC case.
Load balancing or separate PSNs has nothing to do with this. My PSNs have sponsor portal FQDN in the SAN field, so there shouldn't be conflict from whichever PSN respsonds.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide