Common Issues following ISIS IP Security Change implementation
This document is for campus developers and helpdesks to address the issue of users having trouble logging into applications due to IP address security conflict.
We implemented the ISIS IP Security change on Sunday, 9/7. It is working for most users and applications with a few exceptions. Here is a list of common problems reported so far and how to address them:
Users in mednet have problems logging into applications outside
Mednet network configuration is such that, user ip address visible to outside applications is different from ip address ISIS sees at the time of login. This causes IP address conflict during verifySession and hence 604010 error.
We anticipated that people inside mednet will have this problem. Prior to implementation we requested applications to contact us if they had users in mednet. Some teams did and we took some proactive steps to list these applications for mednet users. Affected applications are those who didn't realize the impact of this change.
Solution:
If it is a mednet user having problem logging into your application contact AIS and provide your appid(s). We can whitelist your applications for mednet.
It is possible that applications listed with us could still see the problem for mednet users. Mednet has a huge network and there may be few within mednet we still don't know about. Contact AIS so we will work with mednet to identify and whitelist the new ones.
Some applications may not be handling ISIS error codes properly.
For ex, 904099 is only a warning, should not be treated as a fatal error. Please refer to How to Handle ISIS IP Security change.
We will collect the details from application groups during the day and update the listing once a day. Please note our changes are scheduled to go in at 4:30 pm everyday.
When you contact AIS please provide user logon id, ticket, app id.
We realize this is inconvenient, but the increased security gained is paramount.