ISE 1.2 Patch 12

Unanswered Question
Nov 3rd, 2014

Hi all,

I upgraded from ISE 1.2 patch 6 to 1.2 patch 12 to fix an ISE portal bug over the weekend.

None of my Guest Wireless users are complaining; authentication is working fine. But the below error is appearing for every Guest user session under ISE/Operations/Live Authentications.

"5441 Endpoint started new session while the packet of previous session is being processed. Dropping new session"

Is anyone aware of a bug, possibly? I guess you need to upgrade to 1.3.x.

I would've thought Cisco would bring out a fix for this in 1.2.x... maybe patch 13 (new bug?)

Any info out there about 5441 before I log a TAC?

Thanks.

mohanak Mon, 11/03/2014 - 02:10

No event for failure reasons 5440/5441: Endpoint started a new session.

stephendrkw Mon, 11/03/2014 - 02:24

I can't view details of bug CSCuh86885 via the Cisco bug search tool. Can you please paste all the info in this thread for me?

Thanks

cisartomas Tue, 11/04/2014 - 05:55

We have the same problem. After upgrading Cisco ISE to 1.2 patch 12 (previously patch 9), this message started to appear.

Our scenario: LAN 802.1x, FAST authentication with EAP chaining.

Machine authentication via certificate: no error message appears.

User authentication (chaining): two messages appear:

5413 RADIUS Accounting-Request dropped

5441 Endpoint started new session while the packet of previous session is being processed. Dropping new session.

We have rolled back to patch 11, and everything looks fine (no error message).

There is something wrong with patch 12; it looks like only user authentication is affected.

See the attachment.

Christopher Calhoun Thu, 11/13/2014 - 05:00

Having the same issue here on Patch 12 after applying the fix patch.

Dashboard and client counts are all going down and becoming inaccurate.

WLAN and LAN with 802.1x

Event: 5413 RADIUS Accounting-Request dropped
Failure Reason: 5441 Endpoint started new session while the packet of previous session is being processed. Dropping new session.

We had applied this patch to get current with the BASH vulnerability.

Please post the contents of the bug listed above.

Thanks,

Chris

stephendrkw Thu, 11/13/2014 - 05:47

I received an email from Sac Support @Cisco not long after I posted this discussion. Cisco are investigating the issue at the moment; I've asked for an update.

If no response, I'll log a TAC and update this thread when I find out more... I'm hoping for patch 13 soon!

cisartomas Thu, 11/13/2014 - 05:58

I have opened a TAC case. Right now, as you said, Cisco is investigating my logs from the switch and ISE. We will see...

cisartomas Wed, 11/19/2014 - 00:46

I got a confirmation from Cisco TAC. We are hitting Bug ID CSCur35455 in our deployment. The bug description is not customer visible yet. According to Cisco, this bug is quite "deployment specific" and other ISE deployments do not have the same issue. The fix will be released in patch 13.

stephendrkw Wed, 11/19/2014 - 01:40

Sounds like we might have to wait till next year... at least Cisco have identified the bug.

Bransomar Tue, 12/09/2014 - 12:54

FYI - I have upgraded to ISE 1.3 and am still getting these errors. Any new info?

thx

sandeep patil Mon, 02/23/2015 - 08:04

Hi - I have Cisco ISE running on version 1.3 and am getting errors for 5440 with endpoint initiates a new session. Can anyone please confirm that this is just a cosmetic bug and not affecting authentications?

Thanks,

Sandeep

Bastien Migette Thu, 11/13/2014 - 06:40
User Badges: Cisco Employee

Hello,

Regarding:

CSCuh86885    No event for failure reasons 5440/5441: Endpoint started a new session.

This bug is basically cosmetic. This means there is no event associated when errors 5440/5441 are triggered, but that has nothing to do with why those errors are triggered.

I am working on a TAC case with Tomas. He or I will post the result once we come to any conclusion.

Christopher Calhoun Fri, 11/14/2014 - 10:09

Any updates? I am not so sure it is cosmetic. I have clients failing to make it through the flow. I am seeing the following on these clients' requests:

It would appear that because the accounting data doesn't get back it, there is confusion that the session doesn't exist and the auth fails.

Event: 5400 Authentication failed
Failure Reason: 12953 Received EAP packet from the middle of conversation that contains a session on this PSN that does not exist
Resolution: Verify known NAD issues and published bugs. Verify NAD configuration. Turn debug log on DEBUG level to troubleshoot the problem.
Root cause: Session was not found on this PSN. Possible unexpected NAD behavior. Session belongs to this PSN according to hostname but may has already been reaped by timeout. This packet arrived too late.

cisartomas Tue, 12/30/2014 - 02:29

Cisco has released patch 13 for ISE 1.2, and the problem was solved. One point: every node in the cluster (or standalone) rebooted after the patch was applied. This is quite a change, because previous patches for ISE 1.2 only disable/enable services.

stephendrkw Fri, 01/02/2015 - 08:50

Hi cisartomas, thanks for updating us.

One thing: Cisco identified this bug as CSCuh86885 (as in this thread, Bastien Migette, who I have dealt with in previous TAC calls).

I'm looking through the latest release notes, updated 23rd December. Under 1.2 resolved caveats I can't see a bug fix for CSCuh86885?

Can you let me know where this fix is listed under the latest release notes... maybe CSCur35455?

Thanks.

cisartomas Thu, 01/22/2015 - 05:15

Hi, I got the information about the bug ID from TAC. Here is part of the communication:

This has been confirmed that you hit CSCur35455 - Too many accounting request are dropped with message 5441.
This is fixed in patch 13 that is due end of December. I have made this bug customer visible, so it should be found in Cisco's bug toolkit in a couple of days.

Then YES, it's Bug ID CSCur35455.

TC.

Abraham Camacho Wed, 02/04/2015 - 11:29

Hi Bastien, I recently upgraded my deployment to version 1.2.1.198 patch 3 and I saw the following error message as well:

5440 Endpoint abandoned EAP session and started new

Did you get any information from TAC?

Thanks
