11-22-2013 02:52 AM - edited 03-10-2019 09:07 PM
Hi.
I see this error in the ISE logs from time to time, and would like to get rid of it.
But I can't seem to find any information on HOW to get rid of it.
The ISE log is somewhat vague in it's solution suggestion.
Here goes the whole thing:
Event: 5411 Supplicant stopped responding to ISE
Failure reason: 12935 Supplicant stopped responding to ISE during EAP-TLS certificate exchange
Resolution: Verify that supplicant is configured properly to conduct a full EAP conversation with ISE. Verify that NAS is configured properly to transfer EAP messages to/from supplicant. Verify that supplicant or NAS does not have a short timeout for EAP conversation. Check the network that connects the Network Access Server to ISE. Verify that ISE local server certificate is trusted on supplicant. Verify that supplicant has a properly configured user/machine certificate.
The supplicant i a Windows 7 og Windows XP computer, and it is indeed set up to use Certificate authentication.
Any tips?
Thank you.
11-26-2013 12:47 PM
Did you ever get a fix for this?
I am running across the same issue with Win7 Supplicants.
Every supplicant configuration example that I've seen specifies a list of the PSN's in the "connect to these servers" box but I haven't been able to find specific documentation as to whether or not that is actually required.
I'd like to know if there's an answer out there for this issue.
01-11-2018 01:13 PM
Old thread but possibly helpful solution we found: Our controllers were missing an ACL to allow traffic to ISE. Resulted in EAP timeouts and thus new EAP conversations. Good luck!
11-09-2023 07:33 AM
I had this problem today and it turned out that the OLO who provided the WAN circuit to site had changed the MTU to 1468bytes
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: