https://community.cisco.com/t5/network-access-control/ise-distributed-deploy/m-p/4931887#M584326 <P><SPAN>Hi Guys, I am a bit puzzled about this. I have implemented 2 ISE nodes in&nbsp; Simple Two Node Deployment. Each node holds all personas. If I split it up, Ise03 holds, Admin and MnT, and Ise02 holds PSN personas, It still works, and clients gets AuthZ. NAD tacacs+ also works,&nbsp; however the live logs are empty? </SPAN></P> <P><SPAN>Any ideas?</SPAN></P> <P><SPAN>Both servers has certifcate from MS AD, NTP are in sync, and DNS records are in place.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Regards Kasper</SPAN></P> Sat, 30 Sep 2023 08:43:18 GMT Kasper Elsborg 2023-09-30T08:43:18Z https://community.cisco.com/t5/network-access-control/ise-distributed-deploy/m-p/4931887#M584326 <P><SPAN>Hi Guys, I am a bit puzzled about this. I have implemented 2 ISE nodes in&nbsp; Simple Two Node Deployment. Each node holds all personas. If I split it up, Ise03 holds, Admin and MnT, and Ise02 holds PSN personas, It still works, and clients gets AuthZ. NAD tacacs+ also works,&nbsp; however the live logs are empty? </SPAN></P> <P><SPAN>Any ideas?</SPAN></P> <P><SPAN>Both servers has certifcate from MS AD, NTP are in sync, and DNS records are in place.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Regards Kasper</SPAN></P> Sat, 30 Sep 2023 08:43:18 GMT https://community.cisco.com/t5/network-access-control/ise-distributed-deploy/m-p/4931887#M584326 Kasper Elsborg 2023-09-30T08:43:18Z https://community.cisco.com/t5/network-access-control/ise-distributed-deploy/m-p/4931892#M584327 <P>what version of ISE - I am bit confused here, you mentioned 2 Node deployment, do you have 3rd node admin and Mnt ?</P> <P>The Live Logs you looking hope&nbsp;<STRONG><EM>Operations &gt; TACACS &gt; Live Logs</EM></STRONG></P> <P>what switch model ? (may be run some debug and check is the logs shipping to ISE)</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Sat, 30 Sep 2023 09:16:15 GMT https://community.cisco.com/t5/network-access-control/ise-distributed-deploy/m-p/4931892#M584327 balaji.bandi 2023-09-30T09:16:15Z https://community.cisco.com/t5/network-access-control/ise-distributed-deploy/m-p/4931938#M584330 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/286878">@balaji.bandi</a> First it's a test lab that I have running. The deployment was as described ISE02, and ISE03, holding all personas, PSN, MnT and Admin. Everythin works, Radius, and Tacacs, and there are logs in both Operation-&gt;live logs, and operations-&gt;tacacs-&gt;livelogs. and ofcause my policy sets get hits. Then I split deployment up, and ISE03 now only has admin and MnT, and ISE02 now only has PSN. Everything works like before. Clients get dot1x authZ and there are hits in the policies, Tacacs works, however now there are no logs in any of the live logs.</P> <P>&nbsp;</P> <P>ISE <SPAN>3.1.0.518</SPAN> patch 7</P> <P>Switch is a WS-C3650-48PD</P> <P>Br. Kasper</P> Sat, 30 Sep 2023 13:12:11 GMT https://community.cisco.com/t5/network-access-control/ise-distributed-deploy/m-p/4931938#M584330 Kasper Elsborg 2023-09-30T13:12:11Z https://community.cisco.com/t5/network-access-control/ise-distributed-deploy/m-p/4931971#M584331 <P>Hi, So I've disabled the "<SPAN>Use "ISE Messaging Service" for UDP Syslogs delivery to MnT" and then I have livelogs again. Then I reissued certificates for&nbsp;ISE Messaging Service on both node, but using the pxgrid template(it has both server and client). Reenabled the&nbsp;ISE Messaging Service" for UDP Syslogs delivery to MnT, and now it works.</SPAN></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="KasperElsborg_0-1696093732331.png" style="width: 400px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/198508i36B7ECE2461C5E42/image-size/medium?v=v2&amp;px=400" role="button" title="KasperElsborg_0-1696093732331.png" alt="KasperElsborg_0-1696093732331.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> Sat, 30 Sep 2023 17:08:00 GMT https://community.cisco.com/t5/network-access-control/ise-distributed-deploy/m-p/4931971#M584331 Kasper Elsborg 2023-09-30T17:08:00Z https://community.cisco.com/t5/network-access-control/ise-distributed-deploy/m-p/4931986#M584332 <P>glad to know all working, cheers for sharing your solution.</P> Sat, 30 Sep 2023 18:02:21 GMT https://community.cisco.com/t5/network-access-control/ise-distributed-deploy/m-p/4931986#M584332 balaji.bandi 2023-09-30T18:02:21Z