Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Error when trying to install windows network assistant for self provisioning

im trying to test windows self provisioning using the windows supplicant on ISE v 1.1.3 with a windows 8 laptop

I get the redirection page and can  launch the installer. I accept the cert prompts when prompted by the installer.  The network assistant keeps failing half way through with the message "secure access configuration for the SSID network failed"

Anyone else seen this?

i have tried all 4 wizards available 1.0.0.22/23/33/34 and cannot get past this error

Everyone's tags (2)
15 REPLIES
Cisco Employee

Error when trying to install windows network assistant for self

This reminds me of:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCud05296

1.0.0.26 should have the fix, open up a TAC case, we need to look into this. 
Community Member

Error when trying to install windows network assistant for self

Thanks Marcin, its actually a proof of concept we are doing on behalf of Cisco for a customer, i will need to get our Cisco rep to verify we can tac this.

is that version 1.0.0.26 available to download? I cant see it on the download portal on ise or the Cisco website?


Cisco Employee

Error when trying to install windows network assistant for self

Brian,

.34 should contain fix to what I was indicating (AFAIU). As I said - my suggestion is to dig into this via a TAC case.

M.

Community Member

Error when trying to install windows network assistant for self

find the file and go through the page 624 to 625 & 866 to 868 the step may help you to address the solution.

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_ug.pdf

Community Member

Error when trying to install windows network assistant for self

Hi Basant, i think the setup should be fine regarding those pages you suggested. we have apple ipads and iphone which can register fine

Community Member

Error when trying to install windows network assistant for self

Can you post the authentication logs for the device? That may be helpful.

Community Member

Error when trying to install windows network assistant for self

Theres the screenshot

Community Member

Re: Error when trying to install windows network assistant for s

ise logs attached. not much there it just shows that I get stuck at the redirect to enroll as the assistant crashes. Il get a tac logged today also.

Error when trying to install windows network assistant for self

Hi,

Can you post screenshots of your windows and apple-ios supplicant provisioning profiles. Also there is a document that was written that forces java crl checks. See if this doc provides any use.

https://supportforums.cisco.com/docs/DOC-35333

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
Community Member

Re: Error when trying to install windows network assistant for s

Thanks Tarik, i can get through the java browser prompts ok and accept them. screen shots below. I am going to log a tac and see what happens. i will report back.

Re: Error when trying to install windows network assistant for s

Brian,

Can you break apart your native supplicant profiles into separate policies for windows, apple, and android. I am curious to see if that changes your results. I also see that the name isnt appearing as well in the screenshot you provided. Set the OS to windows ALL. There is a bug for windows 8 users that seems to be solved with the ise 1.2 release notes and the SPW.

http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html#wp378491

thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
Community Member

Re: Error when trying to install windows network assistant for s

Brian,

Are you using SCEP for certificate enrollment?

Community Member

Re: Error when trying to install windows network assistant for s

Hi All,

Turned out to be an ACL issue. Someone else set it up before me so they can take the blame!

The tac engineer setup a rule to allow any any outbound from the wlc towards the client. It was mainly to allow ports 8905 and 8909 talk back to the endpoint.

He also pointed me towards this file %temp%\spwProfileLog.txt which logs the setup assistant installer in case anyone else has issues..

Thanks for all the help guys

Community Member

Hi brianpmcp !I have problem

Hi brianpmcp !

I have problem the same with you. I checked my ACL have rule allow any any outbound from WLC.

172.16.2.212 is my ise.

but when connect to open SSID (Mac filtering) and run cisco network setup assitant have error the same your error.

when I check spwprofileLog.

  

[Mon Sep 15 15:57:44 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
[Mon Sep 15 15:57:44 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN

[Mon Sep 15 15:57:44 2014] HttpWrapper::SendScepRequest - Retrying: [1] time, after: [4] secs , Error: [2]
[Mon Sep 15 15:57:48 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
[Mon Sep 15 15:57:48 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN

[Mon Sep 15 15:57:48 2014] HttpWrapper::SendScepRequest - Retrying: [2] time, after: [4] secs , Error: [2]
[Mon Sep 15 15:57:53 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
[Mon Sep 15 15:57:53 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN

[Mon Sep 15 15:57:53 2014] HttpWrapper::SendScepRequest - Retrying: [3] time, after: [4] secs , Error: [2]
[Mon Sep 15 15:57:57 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
[Mon Sep 15 15:57:57 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN

[Mon Sep 15 15:57:57 2014] Failed to get certificate from server - Error: [2]

[Mon Sep 15 15:57:57 2014]  Failed to generate scep request. Error code: [0]
[Mon Sep 15 15:57:57 2014] ApplyCert - End...
[Mon Sep 15 15:57:57 2014] Failed to configure the device.
[Mon Sep 15 15:57:57 2014] ApplyProfile - End...

Can you help me fix error.

Thanks !

profile

ACL

Community Member

By any chance are you using

By any chance are you using two certificate groups, one with a public cert for guest, byod, blacklist, etc. and one with a private cert for admin, mydevices, sponsor?

3732
Views
5
Helpful
15
Replies
CreatePlease to create content