Solved: Re: Unable to open ISE "managed account" page

A.Begessinova · ‎04-01-2019

Good day,

We are unable to open ISE "managed accounts" page. when we trying to click button "Managed Accounts", it shows :

This page can’t be displayed

Make sure the web address https://XXXXXXX:9002 is correct.
Look for the page with your search engine.
Refresh the page in a few minutes.

Jason Kunst · ‎04-22-2019

sorry took so long to respond, this post was corrupted. Are you not able to use the sponsor portal? the manage accounts shouldn't be used as its limited. also need to make sure DNS and certificates resolve correctly. are you going through NAT firewall?
https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/admin_guide/b_ise_admin_guide_26/b_ise_admin_guide_26_chapter_01111.html#id_35332__ul_zkl_vpx_tw

I would recommend setting up easy URL FQDN access to sponsor portal to use it that way as well
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_011100.html

Fully Qualified Domain Name (FQDN)—Enter at least one unique FQDN and/or hostname for your Sponsor or MyDevices portal. For example, you can entersponsorportal.yourcompany.com,sponsor, so that when the user enters either of those into a browser, the sponsor portal displays. Separate names with commas, but do not include spaces between entries.

If you change the default FQDN, then also do the following:

Update your DNS so that the FQDN of the new URL resolves to a valid Policy Services Node (PSN) IP address. Optionally, this address could point to a load balancer virtual IP address that serves a pool of PSNs.

To avoid certificate warning messages due to name mismatches, include the FQDN of the customized URL, or a wildcard, in the subject alternative name (SAN) attribute of the local server certificate of the Cisco ISE PSN.

View solution in original post

Jason Kunst · ‎04-22-2019

sorry took so long to respond, this post was corrupted. Are you not able to use the sponsor portal? the manage accounts shouldn't be used as its limited. also need to make sure DNS and certificates resolve correctly. are you going through NAT firewall?
https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/admin_guide/b_ise_admin_guide_26/b_ise_admin_guide_26_chapter_01111.html#id_35332__ul_zkl_vpx_tw

I would recommend setting up easy URL FQDN access to sponsor portal to use it that way as well
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_011100.html

Fully Qualified Domain Name (FQDN)—Enter at least one unique FQDN and/or hostname for your Sponsor or MyDevices portal. For example, you can entersponsorportal.yourcompany.com,sponsor, so that when the user enters either of those into a browser, the sponsor portal displays. Separate names with commas, but do not include spaces between entries.

If you change the default FQDN, then also do the following:

Update your DNS so that the FQDN of the new URL resolves to a valid Policy Services Node (PSN) IP address. Optionally, this address could point to a load balancer virtual IP address that serves a pool of PSNs.

To avoid certificate warning messages due to name mismatches, include the FQDN of the customized URL, or a wildcard, in the subject alternative name (SAN) attribute of the local server certificate of the Cisco ISE PSN.

Unable to open ISE &quot;managed account&quot; page

Unable to open ISE "managed account" page