It appears that our ISE 1.2 solution is having issues with nested MS AD Groups. The first login attempt always fails, the second occasionally works and the third always works. Has anyone else experience this login issues with ISE 1.2 and MS AD?
When you look at the authentication details do you see the groups listed in the additional attributes? Also are there any other condition such as endpoint groups in combination with the authorization policy. Can you provide a screenshot od your policies?
I am a little lost in the screenshots you posted. In your AD groups that you have pulled I dont see an authorization policy mapped to the first group. In the authentication report it looks like authentication is successfull.
I have seen that ISE will only display a few of the groups now in ISE 1.2 can you build a policy based on the the group you want it to show and then try your authentication again? That is when ISE will show the specific group as opposed to ise pre 1.2 where it would show more groups.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...