https://community.cisco.com/t5/network-access-control/cisco-ise-disconnected-node/m-p/4747188#M579036 <P>what is the version of ISE -&nbsp; is this a Local CA or signed by the Public CA Server?</P> <P>is the Certs used before from the same CA, or is the Local CA changed and generated a wildcard?</P> <P>if the local CA changed you need to add root CA to ISE to trust.</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215621-tls-ssl-certificates-in-ise.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215621-tls-ssl-certificates-in-ise.html</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Sat, 31 Dec 2022 17:47:44 GMT balaji.bandi 2022-12-31T17:47:44Z https://community.cisco.com/t5/network-access-control/cisco-ise-disconnected-node/m-p/4747187#M579035 <P>ISE Nodes in deployment dissconnected after change self signed certificate to CA wildcard certificate .</P><P>when i tried to register ise i got below error, can some one help me to solve it please.</P><P>Unable to authenticate ISE (xxxise) Please check certificate configuration.<BR />Make sure from 'Primary Admin node', system certificate chain of registering node is present in 'Trusted certificates' and is enabled with 'Trust for authentication within ISE' option selected</P><P>1 Deregister and register incomplete due to above error .<BR />2 Sync icon do not working .<BR />3 CA wildcard certificate present in system certificates on all nodes , and in Trusted in primary node .<BR />4 As i understand need to have the Root CA certificate in Trusted certificates. can someone correct me if i am wrong?</P><P>&nbsp;</P><P>BR</P> Sat, 31 Dec 2022 17:31:42 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-disconnected-node/m-p/4747187#M579035 assers001 2022-12-31T17:31:42Z https://community.cisco.com/t5/network-access-control/cisco-ise-disconnected-node/m-p/4747188#M579036 <P>what is the version of ISE -&nbsp; is this a Local CA or signed by the Public CA Server?</P> <P>is the Certs used before from the same CA, or is the Local CA changed and generated a wildcard?</P> <P>if the local CA changed you need to add root CA to ISE to trust.</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215621-tls-ssl-certificates-in-ise.html" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215621-tls-ssl-certificates-in-ise.html</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Sat, 31 Dec 2022 17:47:44 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-disconnected-node/m-p/4747188#M579036 balaji.bandi 2022-12-31T17:47:44Z https://community.cisco.com/t5/network-access-control/cisco-ise-disconnected-node/m-p/4747236#M579037 <P>HI&nbsp;</P><P>what is the version of ISE&nbsp;&nbsp;<SPAN>Version: </SPAN><SPAN>2.6.0.156&nbsp;</SPAN><SPAN>Patch Information: </SPAN><SPAN>7</SPAN></P><P>-&nbsp; is this a Local CA or signed by the Public CA Server?&nbsp; Public CA Signed by third party .</P><P>is the Certs used before from the same CA, Not used by ise before .</P><P>or is the Local CA changed and generated a wildcard? We generate wildcard CSR and sent to CA&nbsp;</P><P>if the local CA changed you need to add root CA to ISE to trust.&nbsp;</P><P>&nbsp;</P><P>BR</P> Sun, 01 Jan 2023 07:38:50 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-disconnected-node/m-p/4747236#M579037 assers001 2023-01-01T07:38:50Z https://community.cisco.com/t5/network-access-control/cisco-ise-disconnected-node/m-p/4747254#M579038 <P>i would compare the primary node with other nodes below cisco certificate, also make sure the domain is not changed from previous to now.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="balajibandi_0-1672568639220.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/172319i4B39214B30CF604B/image-size/medium?v=v2&amp;px=400" role="button" title="balajibandi_0-1672568639220.png" alt="balajibandi_0-1672568639220.png" /></span></P> <P>&nbsp;</P> Sun, 01 Jan 2023 10:26:16 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-disconnected-node/m-p/4747254#M579038 balaji.bandi 2023-01-01T10:26:16Z https://community.cisco.com/t5/network-access-control/cisco-ise-disconnected-node/m-p/4747527#M579045 <P>Hi</P><P>The temp solution to restore deployment , i deregister sec the secondary node and make it standalone then generate Self Signed&nbsp; admin cert and re register the node to deployment .</P> Mon, 02 Jan 2023 09:51:17 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-disconnected-node/m-p/4747527#M579045 assers001 2023-01-02T09:51:17Z