cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
777
Views
10
Helpful
19
Replies
Beginner

ISE Guest Authorization page not displaying

All

i recently renewed the certificate in my ISE running version 2.0.0.306  ADE-OS version 2.3.0187, before I had renewed it it worked fine until the cert expired. I was able to get the new one in and now when a guest tries to use the Guest wireless that guest is redirected to the

https://ISE:8443/portal/gateway/sessionid=

But it says the ISE refused to connect.

I have never worked with an ISE device before, so can anyone point me in the right direction?

19 REPLIES 19
Highlighted
Beginner

Re: ISE Guest Authorization page not displaying

I know that this is an old post, but I am having the same problem. Has there been a resolution to this?
ajc Frequent Contributor
Frequent Contributor

Re: ISE Guest Authorization page not displaying

Could you please elaborate a little bit more about your issue. What ISE Version are you running?, How many PSN's you have, are you using load balancer?, Did you make any recent change?. With all those answers I could give you some help

ajc Frequent Contributor
Frequent Contributor

Re: ISE Guest Authorization page not displaying

I experienced an issue in the past when I changed the certificate that was used by the PORTALS/Guest SSID (CWA or LWA). It was related to a bug on ISE 2.2 and that's why I am asking you for more information. In any case, once you uploaded the new certificate and assigned it to the PORTAL pages, did you check that those PORTALS actually were using it?.

Beginner

Re: ISE Guest Authorization page not displaying

We are running version 2.0.0.306 in a standalone environment. We had a cert that was applied to the EAP Authentication and Default portal certificate group that was expiring last week. I had purchased a globalsign EV cert that had the FQDN for the ISE server as well as a secondary FQDN for the guest portal. 

After applying that cert, we began running into problems with android not containing the required intermediate cert for the EV SSL cert that we purchased. I then had an OV cert with the same set of FQDNs and I was going to migrate the EAP Authentication and Default portal certificate group to that new cert.

 

Once I migrated to the new cert the Guest Portal as well as the my devices portal were inaccessible. Upon further investigating I found that the port "8443" was no longer open on ISE. If I migrated back to the EV cert the portals are accessible, but the android portal redirect fails as they don't contain the intermediate cert.

 

I have tried deleting and importing the cert again as well as having ONLY the new OV cert installed with no luck.

 

Any help is appreciated!

 

TLDR: When applying the default portal certificate group to the OV cert, the portals become inaccessible.

ajc Frequent Contributor
Frequent Contributor

Re: ISE Guest Authorization page not displaying

If I am not wrong the version you are running is a buggy one. I would eventually move into at least 2.2 patch 9. In any case I still need more info. Let me provide you some screenshots for testing. QUESTION: Are you using CWA or LWA?. Is this a WIRELESS Network, right?
Beginner

Re: ISE Guest Authorization page not displaying

It probably is the "buggy" one haha. It has been a problem since I started here in August. 

This is the 802.1x authentication on both our Wired and Wireless networks. It appears we are using Centralized Web Auth under the portal redirect.

 

I actually have an ISE 2.2.0.470 server that is spun up and is pending a few changes prior to migrating to that server. The biggest problem is migrating everything on campus over without impacting users.

 

Edit: Added that we are using CWA

ajc Frequent Contributor
Frequent Contributor

Re: ISE Guest Authorization page not displaying

From a wired laptop using a Chrome Browser, run a test on the GUEST Portal as indicated next from the ISE Node.

 

ISEPIC2.png

 

 

You should get a page like the following with an URL similar to this. Post the results.

 

https://ISE-PSN-IP:8443/portal/PortalSetup.action?portal=10be2e90-8001-11e5-b027-3440b5d4e810

 

ISEPIC4.png

 

 

 

 

 

 

 

 

 

 

 

Beginner

Re: ISE Guest Authorization page not displaying

After making the cert change, when you test the guest portal I receive "INET_E_RESOURCE_NOT_FOUND".

When attempting to connect to the guest network through the portal, I receive a "Connection Refused" error.

ajc Frequent Contributor
Frequent Contributor

Re: ISE Guest Authorization page not displaying

Check my previous screenshots, I want to certify that using ISE IP instead of FQDN you can display the GUEST PORTAL. After posting the results, I would provide you more verification steps/screenshots

Beginner

Re: ISE Guest Authorization page not displaying

The result I get is below...IP address has been removed for security.

https://x.x.x.x:8443/portal/PortalSetup.action?portal=a7054590-819c-11e5-97a5-000c299c31b4
ajc Frequent Contributor
Frequent Contributor

Re: ISE Guest Authorization page not displaying

Is the PORTAL properly displayed as my screenshot example
Beginner

Re: ISE Guest Authorization page not displaying

ISEGuestPortal.JPGWhen I open an SSH console to the ISE and do a "Show Ports", the port 8443 is no longer open when the portals are applied to this Cert.

ajc Frequent Contributor
Frequent Contributor

Re: ISE Guest Authorization page not displaying

Check my previous of the GUEST Portal, you will see port 8443. Compare with your GUEST Portal configuration.

 

 

Beginner

Re: ISE Guest Authorization page not displaying

No changes have been made.

GuestPortalConfig.JPG

CreatePlease to create content
Content for Community-Ad
June's Community Spotlight Awards