Showing results for 
Search instead for 
Did you mean: 

"Disclose invalid usernames" not working in ISE 2.4 patch 9

Level 1
Level 1

CSCvh91118 implies (but doesn't explicitly state) that from ISE 2.4 patch 6, you can permanently enable the Disclose invalid usernames option. The pop-up help has also removed references about this option being limited to 30 minutes.


This option is not working however; RADIUS Live Logs still mask the invalid username, even when testing within ~5 minutes of enabling it. Unlike the previous behavior, the checkbox stays ticked after 30 minutes so that doesn't appear to be the problem.


Can anyone running ISE 2.4 patch7+ confirm whether the option works for them please?


CSCvo24097 doesn't appear to be at play as it appears CSCvo24097 is what drove the enhancement request that CSCvh91118 discusses.

7 Replies 7

Damien Miller
VIP Alumni
VIP Alumni

I have two deployments right now that have this enabled.  One is on 2.4 patch 9 and another on 2.4 patch 10.  Both work correctly assuming I am looking at new authentications, it doesn't unmask old ones.  

I assume you're using the AD connector?


It might be different with the LDAP connector I suspect.

Timothy Abbott
Cisco Employee
Cisco Employee

If you are still having issues with this option, please contact the TAC to troubleshoot further.




Thanks - can you confirm this is a known bug (with the LDAP connector at least)?

Does anyone have this working with the LDAP connector?


using ISE 2.7 the "Disclose invalid usernames " is working with "Always show invalid usernames" option for LDAP User lookups.

Bug seems to be fixed now.

Hi, was there a bug ID? I am running 2.6 patch3 and still seeing the issue.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: