04-22-2017 12:05 AM - edited 03-20-2019 09:20 PM
Here is the issue.. Cisco ISE 2.1 patch 3 context visibility page gives the following exception
Unable to load Context Visibility page. Exception: blocked by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized];
Cisco document says its a bug and clear solution is not given , the biggest challenge now is to add static end points ? Any one with similar issue give me ideas for updating endpoints.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd38251/?referring_site=bugquickviewredir
05-15-2017 05:15 AM
I have Cisco ISE 2.1 Patch 2 and the same problem. I was expecting the Patch 3 will solve the issue, but this topic has destroy my expectations.
05-15-2017 05:27 AM
Context visibility is working now , work around was to generate self-signed certificate for the admin personas and import the secondary admin self-signed cert to the trusted certificate store.
Now admin console has certificate error. , otherwise everything works fine.
05-16-2017 08:26 AM
Thanks for sharing....But, I think it is not a solution for me. I have certificates provided by an External CA, two ISE appliances in cluster. I will need to broke the cluster, set a self-signed certificate, recreate the cluster and I have no sure it will solve the problem over this scenario.
05-17-2017 10:31 PM
You can try to generate External CA with all ISE node IP address in the SAN fields , and import to the trusted store of the node.
05-27-2017 08:52 AM
I fixed this by making sure my root and intermediate 3rd party certificates in the "trusted certificates" had "Trust for authentication of Cisco Services" selected. After doing that, I had to restart the Primary Admin node to get the problem to clear.
07-26-2017 04:00 AM
I also have an external CA and the problem was solved after set a correct reverse DNS entry for the both ISE nodes.
07-13-2017 12:52 PM
i have run into the same issue on our 2.2 deployment. we are using an external CA with the SANs filled out for every concieveable policy node name and URL. the system will function fine for a while and then out of the blue all context visibility disappears. i can usually get things running again with a reboot of the primary admin node but not today it seems.
i have tried enabling the "trust for auth of Cisco Services" the root and intermediate CAs for my external cert, no dice.
i have tried setting the admin node's self-signed cert for admin use, no dice.
i have tried rebooting the monitor nodes. same issue.
i have tried setting the admin nodes as the monitoring nodes as well (double duty on the same box). issue persists.
this is getting annoying. might call TAC...
07-13-2017 01:11 PM
desperate measures were called for. we run 8 nodes in our deployment. i had to go to EACH one and set the self-signed cert for each as for the admin job. because they were already in a cluster and i had already added each one as a trusted cert they all trusted each other. and low and behold the context vis area works again.
this is ridiculous.
10-26-2017 08:27 PM
I have the same issue. we also used external CA. How did you resolve the issue? Thanks!
02-13-2018 02:45 AM
Hi Ben,
I am running into same issue after upgrade to 2.3.
I also use external certificates.
Did you manage to get this fixed in the end?
Thanks,
laszlo
01-31-2019 01:18 PM
no we still have issues with this. in-fact it seems to have broken once again today while i was updating some certs on the deployment.
we do have reverse dns setup properly so i can resolve the name of each node via the IP address, so that's not the problem.
the 2 admin and 2 monitor nodes are all using their self-signed certs for the admin role. also i have imported those same self-signed certs into the trusted cert store to ensure that all nodes in the deployment trust those certs. almost tempted to try switching back to using our globalsign external cert that we use almost everything else in this deployment for admin and see what happens.
10-31-2017 09:07 AM
I had the same issue, I fixed it by making sure both ISE nodes had a reverse PTR DNS records.
01-29-2018 01:47 AM
i have a slightly different error message when i go to context visibility > endpoints. the error message which is displayed is:
"Unable to load context visibility page. Ensure that full certificate chain of admin certificate is installed..."
i have uploaded the certificate chain for admin certificate and all checks out.
01-29-2018 02:42 AM - edited 02-14-2018 03:06 AM
i have resolved this. In my environment, i am running version 2.3 patch 1 and i had obtained an MS internal CA cert for admin. All i had to do was disable the self signed admin certificate from the trusted cert list and restarted the application. That solved the issue for me.
Also make sure the certificate being used for admin portal has Cisco services enabled on it. then run application ise stop/start command from CLI. this should solve this issue
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide