Luigi Gangitano
Beginner

ISE upgrade 1.2: Self-provisioning portal not working

Hi all,

I need help with the Self-Provisioning portal flow not showing the agent installation page after an upgrade from 1.1.1 to 1.2 on a couple of 3315s. I've configured all the pieces as instructed by the BYOD SBA guide at http://www.cisco.com/en/US/docs/solutions/SBA/February2013/Cisco_SBA_SLN_BYOD_InternalCorporateAccessDeploymentGuide-Feb2013.pdf

Screenshot of page is attached:

Schermata 2013-09-20 alle 18.27.14.png

I've checked the ise-console.log application log file and found two errors corresponding to the first page:

[portal-http-84431][] SystemConsole -::c0a8a82a000000d7523c70f9::guest:- com.cisco.cpm.provisioning.exception.ProvisioningException: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.

[portal-http-84431][] SystemConsole -::c0a8a82a000000d7523c70f9::guest:-         at com.cisco.cpm.provisioning.cert.CertProvisioningFactory.initialize(CertProvisioningFactory.java:333)

and the second (not working) one:

[portal-http-84431][] SystemConsole -:xxxxx@xxxxxxx:c0a8a82a000000d7523c70f9::guest:- java.lang.NullPointerException

[portal-http-84431][] SystemConsole -:xxxxx@xxxxxxx:c0a8a82a000000d7523c70f9::guest:-  at com.cisco.cpm.provisioning.cache.FlowStateCacheManager.getFlowStateCache(FlowStateCacheManager.java:202)

Looks like something is wrong with a certification file, but I cannot find what it is. I've exported and re-installed the current server certificates (as instructed by the upgrade guide for 1.2) and nothing changed.

Can somebody please help?

Thanks,

L
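The `lengthTag=127, too big` text in the first log line is the message Java's DER reader gives when a long-form length field claims more than four length octets, which usually means the bytes handed to the certificate parser are not a well-formed DER certificate. The following is an added example, not part of the original thread or of Cisco's code: a check of the outer DER header of an exported certificate file before it is re-imported. The function names and the sample byte strings are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def to_der(data: bytes) -> bytes:
    """Return raw DER bytes, unwrapping a PEM CERTIFICATE block if present."""
    m = PEM_RE.search(data)
    return base64.b64decode(m.group(1)) if m else data

def check_der_header(data: bytes) -> str:
    """Validate the outer TLV header of a certificate; return 'ok' or a reason."""
    der = to_der(data)
    if len(der) < 2:
        return "truncated: fewer than 2 bytes"
    if der[0] != 0x30:  # an X.509 certificate is an outer SEQUENCE
        return f"not a SEQUENCE: tag=0x{der[0]:02x}"
    first = der[1]
    if first < 0x80:  # short form: this byte is the length itself
        length, header = first, 2
    else:
        n = first & 0x7F  # long form: number of length octets that follow
        if n == 0:
            return "indefinite length is not valid DER"
        if n > 4:  # same limit that produces "lengthTag=N, too big"
            return f"lengthTag={n}, too big"
        if len(der) < 2 + n:
            return "truncated length field"
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if header + length != len(der):
        return f"length mismatch: header says {length}, body has {len(der) - header}"
    return "ok"

# Constructed samples (not real certificates): only the outer header matters here.
GOOD = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)      # SEQUENCE, 256-byte body
BAD_LEN = bytes([0x30, 0xFF]) + bytes(16)                 # length byte 0xFF
UTF16 = "-----BEGIN CERTIFICATE-----".encode("utf-16")    # PEM saved as UTF-16
PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(GOOD)
       + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, blob in [("good", GOOD), ("bad_len", BAD_LEN),
                       ("utf16", UTF16), ("pem", PEM)]:
        print(f"{name}: {check_der_header(blob)}")
```

A file that fails this check was damaged before it reached the store (wrong encoding, truncation, or appended data) and should be re-exported instead of imported again.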

4 REPLIES 4
harvisin
Participant

Hello Luigi,

Have you deleted the old certificates and the requests, as that may be the possible reason causing this issue?

Yes, I did. And I've just repeated the procedure without luck. New CSR/certificate and same error.

Luigi Gangitano
Beginner

I solved it by removing all the certificates from the store (ISE certs and CA certs) and repeating the configuration from scratch.

Since this setup is a two node cluster, is there any way I can do the same procedure on secondary node? I cannot find the CA cert anymore on the second node.

blenka
Participant

Errors When Adding Devices to My Devices Portal

Employees cannot add a device that is already added if another employee has previously added the device so that it already exists in the Cisco ISE endpoints database.

If employees are attempting to add a device that supports a native supplicant, recommend that they use that instead. That registration process will overwrite the original registration and switch ownership to the new user.

If the device is a MAC Authentication Bypass (MAB) device, such as a printer, then you must resolve ownership of the device, and if appropriate, remove the device from the endpoints database so that the new owner can successfully add the device.

For more information on self-provisioning:

http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_mydevices.html
