Symptoms
Guest sponsor portal account users cannot create or modify guest accounts. This is impacting all guest users.
The error shown is "An unexpected error has occurred".
Diagnosis
We verified the ISE configuration and everything looked fine.
We attempted to use a different browser, but the issue persisted.
Eventually, we identified that DigiCert had updated their root CA, which was missing from the ISE trusted certificate store. As a result, after replacing the Admin certificate, the Secondary Administration Node (SAN) no longer trusted the Primary PAN (PPAN), leading to internode communication failures.
Solution
- Reverted to the old Admin certificate.
- The ISE Root CA certificate and the Internal Management System (IMS) certificate were successfully renewed.
- The AD join point was successfully reconnected following the re-entry of domain credentials.
- Observed that the 'Sponsor Managed Account' feature became available again, indicating that the related services and configurations were restored successfully.
- The Admin and Portal certificates on the Primary PAN (PPAN) were successfully renewed, ensuring secure access to the administrative and guest portals.
Following the implementation of the recommended changes, the issue was resolved, and sponsor users regained the ability to create and modify guest accounts.
Thanks.
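The trust failure described under Diagnosis can be caught before the Admin certificate is replaced. The script below is an added example, not part of the original post and not Cisco tooling: it uses OpenSSL to check whether a new Admin certificate chains to a root in a PEM export of a node's trusted certificates. The file names, the PEM export and OpenSSL 1.1.0 or later are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight trust check before replacing an Admin certificate.
# Assumptions (not from the original post): the node's trusted certificates
# were exported into one PEM bundle, and the new Admin certificate (plus any
# intermediates) is available as PEM. All file names are hypothetical.

# issuer_of CERT: print the issuer DN of a PEM certificate.
issuer_of() {
    openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//'
}

# chain_trusted TRUST_BUNDLE CERT [INTERMEDIATES]
# Returns 0 only if CERT builds a path to a root contained in TRUST_BUNDLE.
# -no-CApath keeps the operating system's own CA directory out of the
# decision, so a root that is only in the OS store does not count.
chain_trusted() {
    if [ -n "${3:-}" ]; then
        openssl verify -no-CApath -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

# preflight TRUST_BUNDLE CERT [INTERMEDIATES]
# Prints a verdict and returns non-zero when the chain is not trusted.
preflight() {
    if chain_trusted "$@"; then
        echo "OK: $2 chains to a root in $1"
    else
        echo "FAIL: $2 is not trusted by $1"
        echo "Issuer of the certificate: $(issuer_of "$2")"
        echo "Import the issuing root/intermediate CA into the trusted store first."
        return 1
    fi
}

# Example call: sh preflight.sh trusted_export.pem new_admin_cert.pem [intermediates.pem]
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

Run it against the trusted-certificate export of every node in the deployment, since each node must trust the chain presented by the others.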