Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ISE 1.2 Patch 12

Hi all,

 

I upgraded from ISE 1.2 patch 6 to 1.2 patch 12 to fix an ISE portal bug over the weekend.

 

None of my Guest Wireless users are complaining, authentication is working fine. But the below error is appearing for every Guest user session under ISE/Operations/Live Authentications.

 

"5441 Endpoint started new session while the packet of previous session is being processed. Dropping new session"

 

Is anyone aware of a bug possibly and I guess you need to upgrade to 1.3.x

I would've thought Cisco would bring out a fix for this in 1.2.x....maybe patch 13 (new bug?)

 

Any info out there about 5441 before I log a TAC?????

 

Thanks.

 

16 REPLIES
Cisco Employee

No event for failure reasons

No event for failure reasons 5440/5441: Endpoint started a new session..
CSCuh86885
New Member

I can't view details of bug

I can't view details of bug CSCuh86885 via the Cisco bug search tool. Can you please paste all the info in this thread for me.

 

Thanks

New Member

We have same problem - After

We have same problem - After upgrade of Cisco ISE to 1.2 patch 12 (previous was patch 9) this message started to appear.... 

Our scenario - LAN 802.1x - authentication FAST with eap chaining..

Machine authentication via certificate - no error message appears

User authentication (chaining) -

 two messages appears -

 

5413 RADIUS Accounting-Request dropped

5441 Endpoint started new session while the packet of previous session is being processed. Dropping new session.

We have rolled back to patch 11 - and everything looks fine (no error message)

There is something wrong with the patch 12. – it looks that only user authentication is affected

 

see in the attachment....

Having the same issue here on

Having the same issue here on Patch 12 after applying fix patch

Dashboard and client counts are all going down and becoming inaccurate.

WLAN and LAN with 802.1x

Event5413 RADIUS Accounting-Request dropped
Failure Reason

5441 Endpoint started new session while the packet of previous session is being processed. Dropping new session.

We had applied this patch to get current with the BASH vulnerability.

Please post the contents of the bug listed above.

Thanks,

Chris

New Member

I received an email from Sac

I received an email from Sac Support @Cisco not long after I posted this discussion, Cisco are investigating the issue at the moment, I've asked for an update.

 

If no response I'll log a TAC and update this thread when I find out more......I'm hoping for patch 13 soon!

New Member

I have opened a TAC case.

I have opened a TAC case. Right now, as you said, Cisco investigate my logs from switch and ISE. We will see...

New Member

I got a confirmation from

I got a confirmation from Cisco TAC. We are hitting the Bug ID CSCur35455 in our deployment. Bug description is not customer visible yet.  Based on the Cisco, this bug is quite "Deployment specific" and other ISE deployments does not have the same issue. Fix will be released in patch 13.

New Member

sounds like we might have to

sounds like we might have to wait till next year...at least Cisco have identified the bug

New Member

FYI -I have upgraded to ISE 1

FYI -I have upgraded to ISE 1.3 and am still getting these errors.  Any new info?

 

thx

New Member

HI - I have Cisco ISE running

HI - I have Cisco ISE running on version 1.3 and getting errors for 5440 with endpoint initiates a new session. Can anyone please confirm that this is just a cosmetic bug and not affecting authentications? 

Thanks,

Sandeep

Cisco Employee

Hello, Regarding:CSCuh86885  

Hello,

 

Regarding:

CSCuh86885    No event for failure reasons 5440/5441: Endpoint started a new session.

This bug is basically cosmetic. This means there is no event associated when error 5440 / 5441 are triggered, but that has nothing to do with why those error are triggered.

I am working on a TAC case with Tomas. I or He will post the result once we come to any conclusion.

Any updates? I am not so sure

Any updates? I am not so sure it is cosmetic. I have clients failing to make it through the flow. I am seeing the following on these clients requests:

 

It would appear that because the accounting data doesn't get back it, there is confusion that the session doesn't exist and the auth fails.

 

Event5400 Authentication failed
Failure Reason12953 Received EAP packet from the middle of conversation that contains a session on this PSN that does not exist
ResolutionVerify known NAD issues and published bugs. Verify NAD configuration. Turn debug log on DEBUG level to troubleshoot the problem.
Root causeSession was not found on this PSN. Possible unexpected NAD behavior. Session belongs to this PSN according to hostname but may has already been reaped by timeout. This packet arrived too late.
New Member

Cisco has released patch 13

Cisco has released patch 13 for ISE 1.2. And the problem was solved. One point - every node in cluster (or standalone) rebooted after patch was applied. This is quite change, because previous patches for ISE 1.2 only disable/enable services.

 

 

New Member

Hi cisartomas, thanks for

Hi cisartomas, thanks for updating us.

One thing Cisco identified this bug as CSCuh86885 (as in this thread Bistein Migette who I have dealt with in previous TAC calls).

I'm looking through the latest release notes updated 23rd December under 1.2 resolved caveats I can't see big fix for CSCuh86885?

Can you let me know where this fix is listed under the latest release notes....maybe CSCur35455?

thanks.

New Member

Hi i got the information

Hi i got the information about the bug id from TAC. Here is the part of the communication :

 

This has been confirmed that you hit CSCur35455 - Too many accounting request are dropped with message 5441.
This is fixed in patch 13 that is due end of december. I have made this bug customer visible, so it should be found in Cisco's bug toolkit in a couple of days.

Then YES, its BugID CSCur35455.

 

TC.

Hi Bastien, I upgraded

Hi Bastien, I upgraded recently my deployment to version 1.2.1.198 patch 3 and I saw the following error message as well:

 5440 Endpoint abandoned EAP session and started new

 

Did you get any information from TACÉ

 

thanks

1805
Views
0
Helpful
16
Replies
CreatePlease to create content