Cisco Bug: CSCun97251 - ISE 1.1.4 cannot find machine with DNS suffix not on DC Groups
Jun 09, 2016
- Cisco Identity Services Engine
Known Affected Releases
Symptom: Machine Authentication fails on several clients from time to time. Problem occurs from time to time, in the ISE report we can see "22056 Subject not found in the applicable identity store(s)" and "5411 No response received during 120 seconds on last EAP message sent to the client" as the reason for failure. Conditions: Due to a disjoint namespace problem, machine authentication on 802.1x over a AD Server may fail if the SPN being used by the suplicant contains a DNS suffix which does not exist on the Domain Controller Group List. 802.1x machine suplicant sending full qualify hostname during authentication process inclusing a DNS suffix which does not exist on the Domain Controller Groups list.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases