https://community.cisco.com/t5/network-access-control/after-upgrade-to-2-6-ca-process-not-starting/m-p/3901488#M470818 <P><SPAN>After upgrading to v2.6 on primary node,&nbsp;</SPAN><STRONG>Certificate Authority Service </STRONG><SPAN>is running well. While on secondary node,&nbsp;</SPAN><STRONG>Certificate Authority Service </STRONG><SPAN>cannot initiate.</SPAN></P> <P>&nbsp;</P> <P><SPAN>In v2.4,&nbsp;</SPAN><STRONG>Certificate Authority Service &nbsp;</STRONG><SPAN>was running well on both nodes.</SPAN></P> <P>&nbsp;</P> <PRE class="con-NoMargin hist-break-word">ISE PROCESS NAME STATE PROCESS ID -------------------------------------------------------------------- Database Listener running 2608 Database Server running 119 PROCESSES Application Server running 11194 Profiler Database running 5251 ISE Indexing Engine running 13422 AD Connector running 19174 M&amp;T Session Database running 5013 M&amp;T Log Processor running 11417 Certificate Authority Service initializing EST Service not running SXP Engine Service disabled Docker Daemon running 6395 TC-NAC Service disabled</PRE> <P>We have tried restarting the application many times (stop/start), but same result.</P> <P>&nbsp;</P> <P>We tried this&nbsp;</P> <DIV id="a091C000022Mh15QAC" class="hist-container hist-note con-header-external-note"> <DIV class="detail con-detail-external-note"> <DIV class="hist-preview"> <PRE class="con-NoMargin hist-break-word"> <A title="https://community.cisco.com/t5/identity-services-engine-ise/error-message-quot-est-service-not-running-quot-since-upgrade-to/td-p/3484698" href="https://community.cisco.com/t5/identity-services-engine-ise/error-message-quot-est-service-not-running-quot-since-upgrade-to/td-p/3484698" target="_blank" rel="noopener">https://community.cisco.com/t5/identity-services-engine-ise/error-message-quot-est-service-not-running-quot-since-upgrade-to/td-p/3484698</A></PRE> <P>But customer does not have Plus License to generate CSR. (EST service is also not running).</P> <P>&nbsp;</P> <P>&nbsp;</P> </DIV> </DIV> </DIV> <DIV id="a091C000022Mh1OQAS" class="hist-container hist-note con-header-internal-note"> <DIV class="hist-record-header"> <H1 class="hist-header-text">&nbsp;</H1> </DIV> </DIV> <P>&nbsp;</P> Thu, 01 Aug 2019 14:13:39 GMT ksastoqu 2019-08-01T14:13:39Z https://community.cisco.com/t5/network-access-control/after-upgrade-to-2-6-ca-process-not-starting/m-p/3901488#M470818 <P><SPAN>After upgrading to v2.6 on primary node,&nbsp;</SPAN><STRONG>Certificate Authority Service </STRONG><SPAN>is running well. While on secondary node,&nbsp;</SPAN><STRONG>Certificate Authority Service </STRONG><SPAN>cannot initiate.</SPAN></P> <P>&nbsp;</P> <P><SPAN>In v2.4,&nbsp;</SPAN><STRONG>Certificate Authority Service &nbsp;</STRONG><SPAN>was running well on both nodes.</SPAN></P> <P>&nbsp;</P> <PRE class="con-NoMargin hist-break-word">ISE PROCESS NAME STATE PROCESS ID -------------------------------------------------------------------- Database Listener running 2608 Database Server running 119 PROCESSES Application Server running 11194 Profiler Database running 5251 ISE Indexing Engine running 13422 AD Connector running 19174 M&amp;T Session Database running 5013 M&amp;T Log Processor running 11417 Certificate Authority Service initializing EST Service not running SXP Engine Service disabled Docker Daemon running 6395 TC-NAC Service disabled</PRE> <P>We have tried restarting the application many times (stop/start), but same result.</P> <P>&nbsp;</P> <P>We tried this&nbsp;</P> <DIV id="a091C000022Mh15QAC" class="hist-container hist-note con-header-external-note"> <DIV class="detail con-detail-external-note"> <DIV class="hist-preview"> <PRE class="con-NoMargin hist-break-word"> <A title="https://community.cisco.com/t5/identity-services-engine-ise/error-message-quot-est-service-not-running-quot-since-upgrade-to/td-p/3484698" href="https://community.cisco.com/t5/identity-services-engine-ise/error-message-quot-est-service-not-running-quot-since-upgrade-to/td-p/3484698" target="_blank" rel="noopener">https://community.cisco.com/t5/identity-services-engine-ise/error-message-quot-est-service-not-running-quot-since-upgrade-to/td-p/3484698</A></PRE> <P>But customer does not have Plus License to generate CSR. (EST service is also not running).</P> <P>&nbsp;</P> <P>&nbsp;</P> </DIV> </DIV> </DIV> <DIV id="a091C000022Mh1OQAS" class="hist-container hist-note con-header-internal-note"> <DIV class="hist-record-header"> <H1 class="hist-header-text">&nbsp;</H1> </DIV> </DIV> <P>&nbsp;</P> Thu, 01 Aug 2019 14:13:39 GMT https://community.cisco.com/t5/network-access-control/after-upgrade-to-2-6-ca-process-not-starting/m-p/3901488#M470818 ksastoqu 2019-08-01T14:13:39Z https://community.cisco.com/t5/network-access-control/after-upgrade-to-2-6-ca-process-not-starting/m-p/3903994#M470824 <P>Please try recreating and engaging our ISE ESC team, if needed.&nbsp;CSCvj11319 is not a known issue for ISE 2.6.</P> <P>ISE Plus licenses are not required to run ISE CA services, as to support session exchanges via pxGrid for Cisco subscribers.</P> Tue, 06 Aug 2019 17:32:26 GMT https://community.cisco.com/t5/network-access-control/after-upgrade-to-2-6-ca-process-not-starting/m-p/3903994#M470824 hslai 2019-08-06T17:32:26Z https://community.cisco.com/t5/network-access-control/after-upgrade-to-2-6-ca-process-not-starting/m-p/4002076#M470831 <P>Actually, Plus license is required for internal CA between two ISE nodes.&nbsp; Unfortunately, that does not solve this problem.</P> Fri, 20 Dec 2019 17:54:22 GMT https://community.cisco.com/t5/network-access-control/after-upgrade-to-2-6-ca-process-not-starting/m-p/4002076#M470831 dave.devries 2019-12-20T17:54:22Z https://community.cisco.com/t5/network-access-control/after-upgrade-to-2-6-ca-process-not-starting/m-p/4052744#M559171 <P>So regenerating the ISE root cert will solve the issue?&nbsp;</P><P>Will regenereating the cert impact the registration of the 2 ISE node?</P><P>&nbsp;</P> Thu, 26 Mar 2020 10:27:21 GMT https://community.cisco.com/t5/network-access-control/after-upgrade-to-2-6-ca-process-not-starting/m-p/4052744#M559171 mattvoon91 2020-03-26T10:27:21Z