Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2968
Views
0
Helpful
5
Replies

ISE BYOD Error: "We are unable to determine access privileges" on redirect

bkepford1
Level 1
Level 1

‎08-01-2012 09:17 AM - edited ‎03-10-2019 07:22 PM

     I am running ISE 1.1.1 and have gone through the design guide and setup the certificate based wireless authentication and device registration process using the ISE as a SCEP proxy for handing out certificates.  On the device registration portal instead of showing the device MAC the policy services node MAC shows up and I get an error that says "We are unable to determine access privileges in order to access the network. Please contact your adiminstrator."

The an hour later I can connect just fine. The authentication logs on ISE are exactly the same in both cases. So it seems like a bug I opened a TAC case but am also posting here.

Labels:
Preview file
302 KB
0 Helpful
5 Replies 5

Tarik Admani
VIP Alumni
VIP Alumni

‎08-01-2012 09:22 AM

Hi,

I noticed this if I was going to a cached page. If I browse to a new page that hasnt been redirected like google, then ebay, or espn it works fine. I saw this only once, but i havent tried it an a couple days since then.

Good luck.

Tarik Admani
*Please rate helpful posts*

0 Helpful

Steven Barrios
Level 1
Level 1
In response to Tarik Admani

‎08-03-2012 09:48 AM

I am seeing this a lot.  Tarik, I took your advice and tried to go to a new page instead of one that could be cached, but it didn't help...

Curiously, the ISE server's mac address is filled in when I get this error.

If TAC gets you an answer please do share...

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni
In response to Steven Barrios

‎08-03-2012 10:01 AM

I havent opened a TAC case and havent seen this issue since when i first set this up.

Can you go to your devices portal (https://ipofise:8443/mydevices) login using your credentials and see if the device is registered or the status is set to lost. I would suggest deleting if it is there and try going through the process again.

Thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful

bkepford1
Level 1
Level 1

‎08-03-2012 10:08 AM

After the registration process goes through which it eventually does it receives a certificate and then authenticated with EAP-TLS and I don't get the message.

The MAC shown is the policy services node.

0 Helpful

Roberto.Carmona
Level 1
Level 1

‎11-08-2012 12:07 PM

Hey bkepford, I'm having the same issue as you. I got the same error when I log in into the guest portal. Did you found a solution for this?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents