This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
CSCvh91118 implies (but doesn't explicitly state) that from ISE 2.4 patch 6, you can permanently enable the Disclose invalid usernames option. The pop-up help has also removed references about this option being limited to 30 minutes.
This option is not working however; RADIUS Live Logs still mask the invalid username, even when testing within ~5 minutes of enabling it. Unlike the previous behavior, the checkbox stays ticked after 30 minutes so that doesn't appear to be the problem.
Can anyone running ISE 2.4 patch7+ confirm whether the option works for them please?
CSCvo24097 doesn't appear to be at play as it appears CSCvo24097 is what drove the enhancement request that CSCvh91118 discusses.
I have two deployments right now that have this enabled. One is on 2.4 patch 9 and another on 2.4 patch 10. Both work correctly assuming I am looking at new authentications, it doesn't unmask old ones.
I assume you're using the AD connector?
It might be different with the LDAP connector I suspect.
If you are still having issues with this option, please contact the TAC to troubleshoot further.