My set up is foreign-anchor with ISE PSN for Guest in the DMZ. Replication/Sync is ok between the Admin node and Policy node in the DMZ. ISE version is 2.4
I am able to self-register and Sponsor approves. Guest then gets an Email, but is unable to login,as message says Authentication Failed. Problem is that not enough information is given as to what Identity Store ISE is checking.
I have poured through tons of capture and logs, yet nothing to find. The only relevant information I got from a capture was a COAck from the Foreign WLC to PSN, after the Dynamic Authorization from ISE, with Error 101 - Unknown(200).
I can see from the CWA that the right Guest Portal was presented during Self-registration and the portal has Guest_Portal_Sequence, which only contains Guest Users, Internal Endpoint and Internal users.
This is really baffling, as I have deployed Foreign-Anchor setup before in different organizations and never faced such issue.
