Question

Installing config profile / WiFi issues using Cisco ISE


  • Contributor
  • 288 replies

I'm installing a config profile that pulls down AD machine certs and connects to our wifi.

On some machines, the Cisco ISE server returns "Endpoint abandoned EAP session and started new" and will fail out. On the client machine, if I delete the SSID from the preferred network list, manually connect and use the same certificate that the config profile pushes out, it'll connect successfully.

Any idea why some clients will connect and others won't?

6 replies

  • Contributor
  • 225 replies
  • May 1, 2017

What type of template are you using for your AD Cert?


  • Author
  • Contributor
  • 288 replies
  • May 1, 2017

We're using computer certificates.

On an affected machine, I tried deleting the SSID that the config profile puts in there, then manually connecting and manually selecting the certificate that was requested and it connects to wifi. It leads me to believe it's not liking something about the .mobileconfig.

The strange thing is that our old configuration profile has the same exact settings but with a different SSID and those never received the same error.


  • Contributor
  • 225 replies
  • May 1, 2017

I would check the EAP timers on the wireless LAN controller; you may have to adjust the timeout setting. I think it maxes like 120 or something.


  • Author
  • Contributor
  • 288 replies
  • May 1, 2017

I'm having our network team open a case with Cisco. I also mentioned your suggestion. Thanks.


  • Author
  • Contributor
  • 288 replies
  • May 1, 2017

Is there a way of checking to see which certificate is being used when connecting to an SSID? The configuration profile is set to use the "AD Certificate" to authenticate, but I wanted to validate it.

If I remove the SSID from the preferred network and pick the cert that was generated from the .mobileconfig, I'm able to connect.


  • Author
  • Contributor
  • 288 replies
  • May 2, 2017

Since I know the new cert works if I manually do it -- does anyone know how I can script assigning that cert to use for the SSID?

I'm assuming I'd have to be looking into the "security" command.

Never mind, I figured it out using.

