MacBook BYoD on-boarding issue: SPW Fails Profile download to MacBook

Scott Gillies
Level 1

Hi

Hoping someone can help.

MacBook Air running macOS Sierra 10.12.6.

I have a very frustrating issue with ISE 2.2 (patch 3).

When I run the downloaded Cisco Supplicant Provisioning Wizard (SPW) (MacOsXSP version 2.1.0.42) file it fails with "An SSL error has occurred and a secure connection to the server cannot be made." and then quickly changes to "Unable to download Profile".

This is happening on 2 separate ISE deployments, one standalone and one distributed. Other devices on-board OK. Certs on the distributed system are VeriSign signed.

Having the same problem on 2 different MacBooks.

Any ideas before I raise a TAC?

5 Replies

netops500
Level 1

Has anyone found a resolution for this issue?

I would go look if there's a new SPW package for macOS available in ISE. There could be differences in your macOS version that require a newer SPW version.

Tried the latest SPW - MacOsXSPWizard 2.3.0.43 - and this also fails with the same.

New with Mac High Sierra is ATS (App Transport Security), which requires the app to support best-practice HTTPS security, which could be modified (but not recommended) in the Info.plist file on the Mac. I tried the latest SPW also, with the same results you had.

SOLVED: When the SPW connects to the ISE it does this over port 8905 and uses the PSN Admin certificate (there can only be one Admin tagged cert) to validate the SSL connection. In both my cases the Admin tagged certificate was self-signed, which the MacBook does not like. The Admin tagged cert has to be signed by a (public preferably) Certificate Authority (CA).

Either change the Admin tag to another signed cert (just a tick-box on the cert exercise then the ISE reboots) or have your Admin tagged cert signed by a CA.
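
One way to confirm the diagnosis in the last reply before and after changing the Admin certificate, as an added example that is not part of the original thread or Cisco's tooling: the script connects to a PSN on port 8905 using the system trust store and reports why validation fails. The names `check_psn` and `classify` and the host `psn.example.com` are hypothetical, and Python's default TLS context only approximates the macOS trust evaluation.

```python
import socket
import ssl
import sys

# OpenSSL X.509 verify codes that explain the failure seen in the thread.
VERIFY_REASONS = {
    10: "expired",               # X509_V_ERR_CERT_HAS_EXPIRED
    18: "self-signed",           # X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
    19: "self-signed-in-chain",  # X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
    20: "unknown-issuer",        # X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
    21: "unknown-issuer",        # X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
    62: "hostname-mismatch",     # X509_V_ERR_HOSTNAME_MISMATCH
}


def classify(verify_code):
    """Map an OpenSSL verify code to a short status string."""
    return VERIFY_REASONS.get(verify_code, f"verify-error-{verify_code}")


def check_psn(host, port=8905, timeout=5.0):
    """Return (status, detail) for the certificate served on host:port.

    Uses the system trust store with hostname checking, so a self-signed
    Admin certificate is rejected here just as the SPW rejects it.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # getpeercert() returns the issuer as a tuple of RDNs.
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                cn = issuer.get("commonName", "?")
                return "trusted", f"{tls.version()} issuer={cn}"
    except ssl.SSLCertVerificationError as exc:
        return classify(exc.verify_code), exc.verify_message
    except ssl.SSLError as exc:
        return "tls-error", str(exc)
    except OSError as exc:
        return "unreachable", str(exc)


if __name__ == "__main__":
    # psn.example.com is a placeholder; pass your PSN's FQDN instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "psn.example.com"
    print(target, *check_psn(target))
```

A result of `self-signed` matches the condition described in the thread; `trusted` is what to expect once the Admin tag is on a CA-signed certificate whose issuer is in the client's trust store.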