CSCvk48115%20-%20ISE%202.3%20RSA%20SecurID%20authentication%20fails

alramos007 · ‎08-02-2018

This situation usually takes place when your passing authentication from RSA to ISE has been lost via ISE communication. ISE 2.3 or lower versions seem to cache the RSA keys in the SQL database when ISE persona nodes lose communication within their acting environment. The cause of ISE restarting, or losing an ISE node in the External Identity environment may vary. Basically it loses communication to the Radius listening ports.

The fix listed above is a work-around. Once the Sql databases are cleared within the ISE nodes. The RSA configuratioin will have to be recreated. This means generating a new config file, uploading it into the ISE environment, and re-establisng the policy sets. And finally, the timing is crucial on restarting the ISE services within the ISE environment. These are some of the considerations to take in place. And finally remember to call TAC to facilitate the root access into ISE for the SQL changes.

Thanks

evolution1cco · ‎02-22-2019

Not sure if this helps anyone, but with 2.4 we ran into this issue as well. For us, a bounce of an AD server fixed the issue.

Hope it helps.

kevin.fogarty · ‎01-17-2020

And the bug is still present in 2.4 patch 10...Also i don't see it referenced in the Release Notes for patch 11