cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1411
Views
5
Helpful
11
Replies

ISE version 3 authentication error

Eman.Bakri
Level 1
Level 1

Hi all

I have ISE version 3.0.0.458 integrated with Active Directory, firstly the authentication completed successfully, but there is an issue happens after a awhile, the authentication failed, and when I checked the log in ISE, I found the below Log:

 

Failure Reason12953 Received EAP packet from the middle of conversation that contains a session on this PSN that does not exist
ResolutionVerify known NAD issues and published bugs. Verify NAD configuration. Turn debug log on DEBUG level to troubleshoot the problem.
Root causeSession was not found on this PSN. Possible unexpected NAD behavior. Session belongs to this PSN according to hostname but may has already been reaped by timeout. This packet arrived too late.

the issue was solved when I reload the ISE, but I need to avoid this issue, can any one help me?

 

Thanks in Advance.

11 Replies 11

Walker
Level 1
Level 1

This was a bug in earlier releases but I believe it has since been fixed. Can you go into more details on how your authentication is taking place? What type of device, 802.1x or MAB, wired or wireless? Also, is a load balancer being used in this situation?

Thanks for your reply.

the authentication using Active directory.

devices using Dot1x for wired users.

there is no load balancing. we have two nodes work as Active-Passive .

Regards.

Are you able to post your AAA config as well as tell us what version of IOS you are running in your network?

Sorry for not sharing the information, but i am out of office these days.

But the issue is still happening, is there other recommended troublesoot steps to do?

 

Thanks.

Do you have any of the 3.0 patches installed?  What is your NAD?  

https://community.cisco.com/t5/security-knowledge-base/how-to-ask-the-community-for-help/ta-p/3704356

There is no patches installed, I used cisco switches 9200l as NAD.

Regards.

Step one needs to be to install the latest 3.0 patch before continuing.

I didnot find any patches in ISE patch management to install, could you please guide me about how to find the latest patch and install it please?

You can find the Identity Service Software 3.0 and patches here:

https://software.cisco.com/download/home/283801620/type/283802505/release/3.0.0

 

@ahollifield , I installed the latest patch and it working fine till now,  thank you for your support

Eman.Bakri
Level 1
Level 1

@Walker I installed the latest patch and it working fine till now,  thank you for your support