Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
14382
Views
1
Helpful
3
Replies

12935 Supplicant stopped responding to ISE during EAP-TLS certificate exchange

dal
Level 3
Level 3

‎11-22-2013 02:52 AM - edited ‎03-10-2019 09:07 PM

Hi.

I see this error in the ISE logs from time to time, and would like to get rid of it.

But I can't seem to find any information on HOW to get rid of it.

The ISE log is somewhat vague in it's solution suggestion.

Here goes the whole thing:

Event: 5411 Supplicant stopped responding to ISE

Failure reason: 12935 Supplicant stopped responding to ISE during EAP-TLS certificate exchange

Resolution: Verify that supplicant is configured properly to conduct a full EAP  conversation with ISE. Verify that NAS is configured properly to  transfer EAP messages to/from supplicant. Verify that supplicant or NAS  does not have a short timeout for EAP conversation. Check the network  that connects the Network Access Server to ISE. Verify that ISE local  server certificate is trusted on supplicant. Verify that supplicant has a  properly configured user/machine certificate.

The supplicant i a Windows 7 og Windows XP computer, and it is indeed set up to use Certificate authentication.

Any tips?

Thank you.

10 people had this problem
Labels:
0 Helpful
3 Replies 3

xxkozxx
Level 1
Level 1

‎11-26-2013 12:47 PM

Did you ever get a fix for this?

I am running across the same issue with Win7 Supplicants.

Every supplicant configuration example that I've seen specifies a list of the PSN's in the "connect to these servers" box but I haven't been able to find specific documentation as to whether or not that is actually required.

I'd like to know if there's an answer out there for this issue.

0 Helpful

innovative_elephant
Level 1
Level 1
In response to xxkozxx

‎01-11-2018 01:13 PM

Old thread but possibly helpful solution we found: Our controllers were missing an ACL to allow traffic to ISE. Resulted in EAP timeouts and thus new EAP conversations. Good luck!

0 Helpful

russell.sage
Level 1
Level 1
In response to innovative_elephant

‎11-09-2023 07:33 AM

I had this problem today and it turned out that the OLO who provided the WAN circuit to site had changed the MTU to 1468bytes

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents