06-06-2022 11:58 PM
Hi Team,
I would like to seek some help on an issue where, when AD users change their password, ISE does not get synced and therefore users are not able to log in to Windows.
Some users are able to log in to Windows, but after a while an AD credential input pops up from AnyConnect (this is also an issue, as users report it as a phishing attempt); they put in the credentials and it still does not work.
My workaround on this issue so far has been:
- CoA: Reauth (does not work)
- Manually delete endpoint profile from context visibility page (it works)
The connection between AD and ISE is working normally.
I am stuck on how to solve this issue permanently without having to apply the workaround every time users change their passwords.
I would really appreciate it if anyone can give some insight or has faced similar issues.
Thanks and Best Regards,
Sreng
06-07-2022 12:21 AM
@sreng how are the users changing their passwords? Ctrl-Alt-Del on their computer?
Are you using PEAP/MSCHAPv2?
Is the computer domain joined and the 802.1x authentication credentials passed through?
06-07-2022 12:45 AM
Hi @Rob Ingram ,
Thanks for your response.
On the ISE dashboard, everything actually looks fine.
06-07-2022 12:59 AM
@sreng if you are using Machine Certificate and MSCHAPv2, are you using AnyConnect NAM or TEAP for EAP Chaining?
Perhaps the supplicant could be misconfigured?
06-07-2022 12:43 AM