When you initially integrate DNAC with ISE, then DNAC will fetch the ISE cert via SSH. Regenerating the ISE internal Root CA should not affect the ISE System certs. If I am wrong, then you might find that the pxGrid System cert has changed. I have not looked into this. I would suspect then that you'd need to re-integrate ISE with DNAC - which is a pain if you have already referenced ISE in your DNAC Design config. My workaround for that is to create a temp AAA server definition in DNAC and point your config to that - then you can safely remove the ISE definition.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.