cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

3635
Views
0
Helpful
4
Replies
dgaikwad
Contributor

Live logs report error 5436

Hi Experts,

 

While working with a third party NAD, Juniper 4200EX, today I started to get this error while testing for some of the use-cases.

While this was working fine till last week, today, the test machine was restarted and then post login to the machine, NAM kept popping for user credentials. And every time the user entered credentials this error was reported on live logs: 5436 RADIUS packet already in the process.

There has been no changes made to the configuration earlier, the ISE policies and profiles are the same.

The only change that was there, was to move the user's computer to admin groups to allow him to install/uninstall symantec antivirus, to allow us perform negative testing.

 

Following is the test setup that we have:

ISE 2.3.0.298 Patch 3

AnyConnect with NAM: 4.5.04029

Juniper 4200EX: 15.1R7.8

 

Any pointers appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
Surendra
Cisco Employee

You would see this if another authentication for that endpoint is still in progress for this endpoint or if a request is stuck on the ISE from being processed forever.

You might want to check CSCvh09878. There is a very high possibility that you might be running into this.

View solution in original post

4 REPLIES 4
Jason Kunst
Cisco Employee

I would make sure it’s not getting suppressed. Have you tried marking unsuppressed in live logs? The you can troubleshoot further

I see that under Suppression reports, no other setting has been enabled:

Suppression reports.JPG

I am going to work with that engineer today and see if could capture some debug logs from the switch itself.

Any ideas that you could suggest for this issue?

 

Thank you!

 

 

Surendra
Cisco Employee

You would see this if another authentication for that endpoint is still in progress for this endpoint or if a request is stuck on the ISE from being processed forever.

You might want to check CSCvh09878. There is a very high possibility that you might be running into this.

View solution in original post

As off now they are not in a position to do an upgrade. But would like to get some more details about this issue.

 

Any idea why would this happen?

As this is something that could easily pop-up in a production environment.

Content for Community-Ad