Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
66
Views
0
Helpful
1
Replies

Cisco ISE 3.1.0 HA (High availability)

Kepler
Level 1
Level 1

‎11-18-2024 02:51 AM

Hi, I am trying to make Cisco ISE HA. On the Cisco site, I did not find a user manual for it.


I have cloned the main ISE 3.1.0 and changed the IP.

I am trying to make HA:
Administration > Deployment > Register (FQDN, user, password)

But I have this error:

Kepler_0-1731926488287.png

in Trusted Certificates > Certificate Services Node CA - ISE-3-1-0#00002 > 

Kepler_2-1731926783602.png

 


I find just "Trust for authentication of Cisco Services" and enabled it, but I have the same error.


Please help.

 

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎11-18-2024 03:28 AM

My advice: First upgrade to 3.3 and then build the second node. With that, you don't have to deal with this problem. I don't remember with which version it changed, but newer releases give you the option to trust the certificate when you add the new node to the deployment.

For your actual setup, there are likely two ways to go (at least what the error message suggests):

1) Import the Admin certificate from the second node in the trusted store of the first node.

2) Configure the second node with a certificate from your PKI, (the same PKI that issued the certificate for the first node).

After one of these, the deployment should build. And if you only changed the IP, you also have to change the hostname and add it correctly to DNS.

0 Helpful
Customers Also Viewed These Support Documents