I'm not sure that I can help you reduce this, but I might be able to shed some light on the issue.
One common cause of such a situation would be that some IdP stops responding to the eduroam-US servers (a timeout occurs). When that happens, our servers will mark the proxy server as dead for 60 seconds (our dead time). During that 60 seconds our servers will not forward anything else to the server, and any ongoing authentications will end up dying (often rejected as a No response in our log viewer for the SP). This is because EAP requires each server to keep the state of the authentication, so failover cannot happen with EAP. The IdP will likely see this as the error you mentioned because the client just disappeared.

The real solution to the problem is for IdPs to always respond to all requests (including accounting!). A somewhat workable solution is to use Status-Server requests for those with RADIUS servers that can support them.

Chad Bauer
eduroam-US Team Member
PGP Key ID 0x5A20AE5E

On 10/10/19 12:17 PM, Christina Klam wrote:
> As many of you have mentioned, the following message is very common in
> the ISE logs, "5440 Endpoint abandoned EAP session and started new."
> Our logs are full of that message for clients that eventually join
> one second later. I have noticed that it is far more common for guests
> using eduroam on our campus -- where their IDP is another university.
> Is there a setting we can make to improve or stop these messages?
>
> Thank you,
> Christina Klam
> Network Engineer
> Institute for Advanced Study
> 1 Einstein Dr
> Princeton, NJ 08540
> +1 609-734-8154
> ck...@ias.edu
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
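The Status-Server probe mentioned in the reply above, as an added example that is not part of the original thread and is not eduroam-US code: Python that builds the RFC 5997 request a proxy would send to an IdP and checks that the answer really comes from a peer holding the shared secret, so a home server can be judged alive without waiting for a user authentication to time out. The function names and the secret are hypothetical, and the reply is the minimal Access-Accept a server returns on the authentication port.

```python
import hashlib
import hmac
import os
import struct

STATUS_SERVER = 12          # RFC 5997 packet code
ACCESS_ACCEPT = 2           # answer to Status-Server on the authentication port
MESSAGE_AUTHENTICATOR = 80  # mandatory attribute in every Status-Server packet


def build_status_server(secret, identifier, authenticator=None):
    """Proxy side: Status-Server packet with a valid Message-Authenticator."""
    authenticator = authenticator or os.urandom(16)
    # The attribute is inserted zero-filled, then replaced by HMAC-MD5 of the packet.
    attr = struct.pack("!BB", MESSAGE_AUTHENTICATOR, 18) + bytes(16)
    header = struct.pack("!BBH", STATUS_SERVER, identifier, 20 + len(attr)) + authenticator
    mac = hmac.new(secret, header + attr, hashlib.md5).digest()
    return header + attr[:2] + mac


def verify_request(secret, packet):
    """Home-server side: accept the probe only if code, length and HMAC check out."""
    if len(packet) < 38 or packet[0] != STATUS_SERVER:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length != len(packet):
        return False
    pos = 20
    while pos + 2 <= length:  # walk the attribute list
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return False
        if atype == MESSAGE_AUTHENTICATOR and alen == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, packet[pos + 2:pos + 18])
        pos += alen
    return False  # no Message-Authenticator present


def build_reply(secret, request):
    """Home-server side: attribute-less Access-Accept bound to the probe."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, request[1], 20)
    return header + hashlib.md5(header + request[4:20] + secret).digest()


def reply_is_valid(secret, request, reply):
    """Proxy side: treat the server as alive only if the reply matches the probe."""
    if len(reply) < 20 or reply[1] != request[1] or len(reply) != struct.unpack("!H", reply[2:4])[0]:
        return False
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])
```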