09-27-2012 11:06 AM - edited 03-10-2019 07:36 PM
Hi all
Yesterday I did not shutdown my computer before leaving office. This mornnig all attempts to log fail. When I check the ISE, I get this message "
No response received during 120 seconds on last EAP message sent to the client :
5411 No response received during 120 seconds on last EAP message sent to the client ".
My supplicant is configured properly and the configuration on the NAS did not change anymore.
On the switch, the following command :
Show interface gi0/38 , give the output below:
and show inter status below although I disconnect my computer from this port
What's can be the matter?
04-22-2014 10:24 AM
Hi,
too me the same problem. my workaround is restarted ISE.
After restart ise everything is ok... but after same time the problem occur again.
might be a BUG?
Me release is 1.1.4 update 10.
09-25-2014 01:52 AM
the workaround was PEAP+TLS..
09-25-2014 01:52 AM
The platform ISE + WLC is very unstable.
Now I have upgrade WLC to version 7.6.110 to 7.6.120 and ISE to release 1.2.1 patch 1 and some client seem not work.
there is and combination that is working good without BUG or compatibility problems with most client device? I mean certificate virtual WLC and virtual ISE version?
09-25-2014 04:21 AM
I agree w you, after many version and a lot lot lot of patches... the solution keeps unstable. I'm trying configure ISE in my environment and I have headache in my lab only w two endpoints... What's the probability to change our MS/NPS that works well w 2500+ endpoints?
09-25-2014 02:19 AM
Symptom:
Machine Authentication fails on several clients from time to time. Problem occurs from time to time, in the ISE report we can see "22056 Subject not found in the applicable identity store(s)" and "5411 No response received during 120 seconds on last EAP message sent to the client" as the reason for failure.
Conditions:
Due to a disjoint namespace problem, machine authentication on 802.1x over a AD Server may fail if the SPN being used by the suplicant contains a DNS suffix which does not exist on the Domain Controller Group List.
802.1x machine suplicant sending full qualify hostname during authentication process inclusing a DNS suffix which does not exist on the Domain Controller Groups list.
Workaround:
none
Known Affected Releases: | (2) |
09-23-2014 01:58 PM
is this issue specific to few clients?have you tested it with other clients?
09-24-2014 07:27 AM
for me happened only win7... winXP and Win8.1 worked fine.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide