The logs display the following error message: •11007 Could not locate Network Device or AAA Client Resolution Cisco ISE network enforcement points (switches) may be missing key configuration commands, may be assigning the wrong port (i.e., a port other than 1700), or have an incorrect or incorrectly entered key.
Click on the magnifying glass icon in Authentications to launch the Authentication Details.
This article assumes background knowledge in IEEE 802.11 wireless LAN and associated security technologies and the components of a Windows-based authentication infrastructure.
For background information, see Wireless LAN Technologies and Microsoft Windows.
This is actually how most websites will send your credentials.
The entire HTTP request is encrypted while going over the wire.
NET Identity (pre 2.0), the site comes with a Web API.The session event section of the authentication report should have the following lines: •%AUTHMGR-5-FAIL: Authorization failed for client (001b.a912.3782) on Interface Gi0/3 Audit Session ID 0A000A760000008D4C69994E •%DOT1X_SWITCH-5-ERR_VLAN_NOT_FOUND: Attempt to assign non-existent or shutdown VLAN 666 to 802.1x port Fast Ethernet1/9 You can also run the troubleshooting workflow for the authentication.This workflow compares the ACL authentication log that contains RADIUS switch responses with the switch message database.For information about how to troubleshoot wireless connectivity on wireless networks that do not use 802.1X authentication, see Troubleshooting Microsoft Windows XP-based Wireless Networks in the Small Office or Home Office.Troubleshooting Tools in Windows Wireless AP Troubleshooting Tools IAS Troubleshooting Tools Troubleshooting IAS Authentication and Authorization Summary Related Links The tools for troubleshooting wireless connections in Windows XP and Windows Server 2003 are the Network Connections folder and tracing.Troubleshooting Cisco ISE Installation and Network Connection Issues Unknown Network Device Co A Not Initiating on Client Machine Users Are Assigned to Incorrect VLAN During Network Access Sessions Client Machine URL Redirection Function Not Working Cisco ISE Profiler is Not Able to Collect Data for Endpoints RADIUS Accounting Packets (Attributes) Not Coming from Switch Policy Service ISE Node Not Passing Traffic Registered Nodes in Cisco ISE Managed List Following Standalone Reinstallation Primary and Secondary Inline Posture Nodes Heartbeat Link Not Working Licensing and Administrator Access Certificate Expired Configuration and Operation (Including High Availability) Client Machines Are Not Able to Authenticate Users Are Not Appropriately Redirected to URL Cannot Download Remote Client Provisioning Resources Lost Monitoring and Troubleshooting Data After Registering Policy Service ISE Node to Administration ISE Node Cisco ISE Monitoring Dashlets Not Visible with Internet Explorer 8 External Authentication Sources User Authentication Failed Missing User for RADIUS-Server Test Username in Cisco ISE Identities Connectivity Issues Between the Network Access Device (Switch) and Cisco ISE Active Directory Disconnected Cisco ISE Node Not Authenticating with Active Directory RADIUS Server Error Message Entries Appearing in Cisco ISE RADIUS Server Connectivity Issues (No Error Message Entries Appearing in Cisco ISE) Client Access, Authentication, and Authorization Cannot Authenticate on Profiled Endpoint Quarantined Endpoints Do Not Renew Authentication Following Policy Change Endpoint Does Not Align to the Expected Profile User is Unable to Authenticate Against the Local Cisco ISE Identity Store Certificate-Based User Authentication via Supplicant Failing 802.1X Authentication Fails Users Are Reporting Unexpected Network Access Issues Authorization Policy Not Working Switch is Dropping Active AAA Sessions URL Redirection on Client Machine Fails Agent Download Issues on Client Machine Agent Login Dialog Not Appearing Agent Fails to Initiate Posture Assessment Agent Displays "Temporary Access" Cisco ISE Does Not Issue Co A Following Authentication Error Messages ACTIVE_DIRECTORY_USER_INVALID_CREDENTIALS ACTIVE_DIRECTORY_USER_AUTH_FAILED ACTIVE_DIRECTORY_USER_PASSWORD_EXPIRED ACTIVE_DIRECTORY_USER_WRONG_PASSWORD ACTIVE_DIRECTORY_USER_ACCOUNT_DISABLED ACTIVE_DIRECTORY_USER_RESTRICTED_LOGON_HOURS ACTIVE_DIRECTORY_USER_NON_COMPLIANT_PASSWORD ACTIVE_DIRECTORY_USER_UNKNOWN_DOMAIN ACTIVE_DIRECTORY_USER_ACCOUNT_EXPIRED ACTIVE_DIRECTORY_USER_ACCOUNT_LOCKED_OUT ACTIVE_DIRECTORY_GROUP_RETRIEVAL_FAILED ACTIVE_DIRECTORY_MACHINE_AUTHENTICATION_DISABLED ACTIVE_DIRECTORY_ATTRIBUTE_RETRIEVAL_FAILED ACTIVE_DIRECTORY_PASSWORD_CHANGE_DISABLED ACTIVE_DIRECTORY_USER_UNKNOWN ACTIVE_DIRECTORY_CONNECTION_FAILED ACTIVE_DIRECTORY_BAD_PARAMETER ACTIVE_DIRECTORY_TIMEOUT Troubleshooting APIs Contacting the Cisco Technical Assistance Center This appendix addresses several categories of troubleshooting information that are related to identifying and resolving problems that you may experience when you use Cisco Identity Services Engine (ISE).