Hello,

I am configuring BYOD flow in my lab with the following details:

1) Wired scenario (the flow and everything was working well with previous version of ISE, so I assume the switch configuration is ok.

2) I have upgraded to ISE 2.4 and rebuilding the configuration there

3) My ISE is dual homed. Admin access on eth0, and RADIUS on eth1.

4) User is logging on guest portal with AD account and from there redirected to onboarding

5) I have enabled all the portals only on eth1

6) When I go through the flow I get to run the NSA portal fine, but then I have a message that I fail downloading the profile, and it seems that the problem is in setting up the https connection from the message I have on the client log file

I tried with IP address and FWDN in the redirection, and both have issues.

I have imported the root CA signing the ISE cert in the client trust store

The time client to ISE is in sync.

The PSN Certificates contains the FQDN and and IP address i the SAN.

Any idea on how to proceed?

Thanks