Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
643
Views
1
Helpful
3
Replies

User authentication successfully but only display Device name

Go to solution
csco11552159
Level 5
Level 5

‎07-26-2017 07:05 AM

Hi,

We recently found some issues.Some users who already successfully authenticated with 802.1 EAP-TLS  in operation logs, we can see the username. But when we try to search this username from "Context Visibility-->Endpoints" , we couldnt see the username, but the Device name only and also it seems to be old or maybe some previous information.

in this region we have 2 PSNs @ 2.1 P3 and using F5 LB to share the load.

here are some screenshot...  Anyone knows about this problem and how to fix it ?

authentication1.JPG

from "endpoints", Shows PSN1....

authentication2.JPG

under "Attributes" tab, everything is PSN1:

authentication31.JPG

under "Authentication" tab,everything is correct.

authentication51.JPG

1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to csco11552159

‎07-27-2017 08:37 PM

First, please check and ensure the profiler RADIUS probe enabled on PSN2. I would suggest to restart the ISE services on PSN2 while watching the debug log profiler.log at ISE admin CLI

term len 0


show logging app profiler.log tail

Make sure the RADIUS probe coming up correctly.

Below shows an example whenthe probe not started properly:

2017-07-25 02:22:51,896 INFO   [ProfilerController-2-thread-1][] cisco.profiler.probes.radius.SyslogMonitor -::- Configuring RADIUS Probe.

2017-07-25 02:22:51,898 INFO   [ProfilerController-2-thread-1][] cisco.profiler.probes.radius.SyslogMonitor -::- Starting RADIUS probe.

2017-07-25 02:22:51,908 ERROR  [ProfilerController-2-thread-1][] cisco.profiler.probes.radius.SyslogMonitor -::- Unable to start RADIUS probe.

2017-07-25 02:22:51,908 ERROR  [ProfilerController-2-thread-1][] cisco.profiler.infrastructure.probemgr.ProbeLoader -::- Loading probe:radius failed.:Unable to start RADIUS probe. Address already in use

com.cisco.profiler.common.ProfilerException: Unable to start RADIUS probe. Address already in use

If the above not helping, please engage Cisco TAC to troubleshoot it further.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
hariholla
Cisco Employee
Cisco Employee

‎07-26-2017 10:51 AM

What value do you see for the 'User-Name' attribute, under the 'Attributes' tab?

Also did you try clicking on the refresh button:

Screen Shot 2017-07-26 at 10.48.19 AM.png

~Hari

0 Helpful

Go to solution
csco11552159
Level 5
Level 5
In response to hariholla

‎07-26-2017 12:35 PM

the user name Attribute is as same as the User-name at top both are machine name.

i tried refresh, not really works.

I can see these users previous day "live log" authentication server was on PSN1, today is using PSN2.

can the database confused yesterday and today's data time? so pick old one instead ?

Also "location:"  always empty. even we configured Location.. all location --->building name....

but still shows nothing...

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to csco11552159

‎07-27-2017 08:37 PM

First, please check and ensure the profiler RADIUS probe enabled on PSN2. I would suggest to restart the ISE services on PSN2 while watching the debug log profiler.log at ISE admin CLI

term len 0


show logging app profiler.log tail

Make sure the RADIUS probe coming up correctly.

Below shows an example whenthe probe not started properly:

2017-07-25 02:22:51,896 INFO   [ProfilerController-2-thread-1][] cisco.profiler.probes.radius.SyslogMonitor -::- Configuring RADIUS Probe.

2017-07-25 02:22:51,898 INFO   [ProfilerController-2-thread-1][] cisco.profiler.probes.radius.SyslogMonitor -::- Starting RADIUS probe.

2017-07-25 02:22:51,908 ERROR  [ProfilerController-2-thread-1][] cisco.profiler.probes.radius.SyslogMonitor -::- Unable to start RADIUS probe.

2017-07-25 02:22:51,908 ERROR  [ProfilerController-2-thread-1][] cisco.profiler.infrastructure.probemgr.ProbeLoader -::- Loading probe:radius failed.:Unable to start RADIUS probe. Address already in use

com.cisco.profiler.common.ProfilerException: Unable to start RADIUS probe. Address already in use

If the above not helping, please engage Cisco TAC to troubleshoot it further.

0 Helpful
Customers Also Viewed These Support Documents