04-01-2022 05:29 AM
When an endpoint tries to authenticate with ISE it fails. But the logs for this authentication failure event are not present in ISE live log or Reports. Is there any solution for this?
04-01-2022 05:33 AM
When an endpoint tries to authenticate with ISE after a restart or a shutdown, it fails. The first time, the endpoint authenticates successfully, but after a restart it starts to fail, and we have to disable and enable the network adapter again for it to work. Any help on this, please; I have been struggling with it for over 2 weeks now.
04-01-2022 06:08 AM
Is your network device properly configured to send RADIUS logs to your ISE server? Can you see logs from other endpoints? Can you see logs coming in from the particular switch that this endpoint is connected to?
My first thought is that there is a misconfiguration somewhere, whether it's your AAA config on the switch or the NAD config from Administration > Network Resources > Network Devices. Please verify those settings are in place and correct.
04-03-2022 01:53 PM
Do you mean ISE shutdown/restart or endpoint shutdown/restart?
If it's the endpoint, then perhaps the supplicant is not configured correctly. Need more details on whether you're trying to do Computer or User auth (or both).
Not seeing Live Logs in ISE could be an indication of a broken ISE system. Ensure that all Secondary ISE nodes are in Sync with the Primary Admin node. If in doubt, restart the ISE node that is operating as the Primary Monitoring persona.
04-03-2022 11:01 PM
Thank You Arnie Bier.
One of the nodes was out of sync and it was the primary monitoring persona. Will do as you suggested. The shutdown is on the endpoints, and we have configured the supplicant with PEAP and MSCHAPv2. Authentication mode is set to user or computer authentication. It is set up to prompt the user for credentials to authenticate to ISE, but each time the endpoint restarts, authentication does not take place, so we disable and enable the Ethernet network adapter again and then it authenticates. We use an AD server as an identity source.
04-01-2022 06:56 AM
Provide the necessary detail to troubleshoot as explained in How to Ask The Community for Help.
Otherwise, call TAC and they will go back and forth with you to get the necessary details for troubleshooting.
04-01-2022 11:46 PM - edited 04-02-2022 12:05 AM
The configuration on the switch
aaa new-model
aaa group server radius RADIUS_GROUP
aaa authentication dot1x default group RADIUS_GROUP
aaa authorization network default group RADIUS_GROUP
aaa authorization auth-proxy default group RADIUS_GROUP
aaa accounting update periodic 5
aaa accounting dot1x default start-stop group RADIUS_GROUP
aaa server radius dynamic-author
aaa session-id common
I have run the test command
test aaa group RADIUS_GROUP testuser test password new-model
and it returns User successfully authenticated.
For successful authentications I can find a live log, but for unsuccessful authentications there is no log.
I have also run a TCP dump on the ISE node and there is RADIUS traffic going in and out of the node. I attached a screenshot.
04-02-2022 01:29 AM
We also have two ISE nodes, one primary Admin and one primary Monitor. The PSN is active on both nodes. There was an out-of-sync problem with the two nodes recently. Can that be the reason the logs are not visible?