cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3261
Views
0
Helpful
7
Replies

No respon5411 No response received during 120 seconds on last EAP message sent to the client

Hi all

Yesterday I did not shutdown my computer before leaving office. This mornnig all attempts to log fail. When I check the ISE, I get this message "

No response received during 120 seconds on last EAP message sent to the client                                                                                 :

5411 No response received during 120 seconds on last EAP message sent to the client ".

My supplicant is configured properly and the configuration on the NAS did not change anymore.

On the switch, the following command :

Show interface gi0/38 , give the output below:

and show inter status below although I disconnect my computer from this port

What's can be the matter?

7 Replies 7

Hi,


 too me the same problem. my workaround is restarted ISE.

After restart ise everything is ok... but after same time the problem occur again.

 

might be a BUG?

 

Me release is 1.1.4 update 10.

 

the workaround was PEAP+TLS..

The platform ISE + WLC is very unstable.
Now I have upgrade WLC to version 7.6.110 to 7.6.120 and ISE to release 1.2.1 patch 1 and some client seem not work.

 

there is and combination that is working good without BUG or compatibility problems with most client device? I mean certificate virtual WLC and virtual ISE version?

I agree w you, after many version and a lot lot lot of patches... the solution keeps unstable. I'm trying configure ISE in my environment and I have headache in my lab only w two endpoints... What's the probability to change our MS/NPS that works well w 2500+ endpoints?

ISE 1.1.4 cannot find machine with DNS suffix not on DC Groups
CSCun97251

Symptom:
Machine Authentication fails on several clients from time to time. Problem occurs from time to time, in the ISE report we can see "22056 Subject not found in the applicable identity store(s)" and "5411 No response received during 120 seconds on last EAP message sent to the client" as the reason for failure.

Conditions:
Due to a disjoint namespace problem, machine authentication on 802.1x over a AD Server may fail if the SPN being used by the suplicant contains a DNS suffix which does not exist on the Domain Controller Group List.

802.1x machine suplicant sending full qualify hostname during authentication process inclusing a DNS suffix which does not exist on the Domain Controller Groups list.

Workaround:
none

 

Known Affected Releases:
(2)
1.1(4.218)
1.3(0.626)

Saurav Lodh
Level 7
Level 7

is this issue specific to few clients?have you tested it with other clients?

for me happened only win7... winXP and Win8.1 worked fine.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: