Short checklist related to troubleshooting BYOD failures from Cisco.
On the ISE side enable ISE debug logging. Complete these steps in order to view the ISE log:
- Navigate to Administration > Logging > Debug Log Configuration, and select the appropriate ISE policy node.
- Set the client and provisioning logs to debug or trace, as described. client (guest.log)
client-webapp (guest.log)
scep (ise-psc.log)
ca-service (ise-psc.log)
admin-ca (ise-psc.log)
runtime-AAA (prrt-server.log)
nsf (ise-psc.log)
nsf-session (ise-psc.log)
profiler (profiler.log) - Reproduce the problem and document relevant seed info in order to facilitate searching, such as MAC, IP, and user.
- Navigate to Operations > Download Logs, and select the appropriate ISE node.
- On the Debug Logs tab, download the logs identified above to the desktop.
- Use an intelligent editor, such as Notepad ++ in order to parse the log files.
- When the issue has been isolated, then return the log levels to the default level.
On the client side, the following is log locations based on device type:
Android:
- Look for /sdcards/downloads/spw.log file in order to view the client-side logs for Android applications.
Windows:
- Look for %temp%\spwProfileLog.txt (ex: C:\Users\admin\AppData\Local\Temp\spwProfileLog.txt) in order to view the client-side logs.
MAC OSX:
- Use the Console application, and look for the SPW process and System.log file.
iOS:
- For Apple iOS, use the iPhone Configuration Utility (iPCU) in order to view messages.
Table below reflects BYOD certificate store based on endpoint platform.
