Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
915
Views
2
Helpful
9
Replies

Cisco ISE "CA Server is down"

Go to solution
oumodom
Level 1
Level 1

‎04-22-2025 07:23 PM

Dear Team, 

Currently, we get the alarm on cisco ISE message

Description CA Server is down
Suggested Actions Please check to make sure the CA services are up and running on the CA server.

While we all identify functionality of ISE, there is no any affect part.
As healthy, Deployment Node, and External identity are working well with AD. 

Please let me know if there is the normal bug and how to fix it?

Cisco ISE v3.1 Deployment Node running the same box. 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcelo Morais
VIP
VIP
In response to oumodom

‎04-24-2025 02:43 AM

Hi @oumodom ,

 in other words, you have a Certificate Authority enabled (ISE GUI) and also a Certificate Authority Service running on all PSNs (ISE CLI) ... looks like Bug IDCSCuz86154 Alarms:CA Sever is down.

CSCuz86154.png

 

Please:

1st disable and enable the Certificate Authority (Administration > System > Certificates > Certificate Authority > Internal CA Settings) ... maybe the Alarm will go away !!!   :  )

2nd reboot/reload the Nodes and see what happens.

 

Hope this helps !!!

 

View solution in original post

9 Replies 9

Go to solution
oumodom
Level 1
Level 1

‎04-22-2025 09:50 PM

@Leo Laohoo @Arne Bier Do you have any idea on this matter? 

 

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP

‎04-22-2025 10:24 PM

Hi @oumodom ,

 at Administration > System > Certificates > Certificate Authority > Internal CA Settings, check if the Certificate Authority is enabled:

Internal CA Settings.png

 

double check the info at ISE PSN CLI:

 

ise/admin# show application status ise

ISE PROCESS NAME                STATE     PROCESS ID 
----------------------------------------------------
...
Certificate Authority Service   running   26507 
...

 

Hope this helps !!!

0 Helpful

Go to solution
oumodom
Level 1
Level 1
In response to Marcelo Morais

‎04-22-2025 11:57 PM

So, if is enable as you suggested which meant working well on CA-server ? 

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to oumodom

‎04-23-2025 06:51 AM

Hi @oumodom ,

 yes, one of the uses of an enabled Certificate Authority is to generate Certificate Signing Requests (CSR) (please take a look at ISE - Queue Link Error > search for Certificate Authority).

 

Hope this helps !!!

0 Helpful

Go to solution
oumodom
Level 1
Level 1
In response to Marcelo Morais

‎04-24-2025 02:04 AM

Hi @Marcelo Morais 
We have followed through all even CLI clarify on ISE Message service as enable as normal. 
From yesterday until now, we have met CA Server is down alerts in 2 times. 

Any more idea on this alarm still persists ?

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to oumodom

‎04-24-2025 02:43 AM

Hi @oumodom ,

 in other words, you have a Certificate Authority enabled (ISE GUI) and also a Certificate Authority Service running on all PSNs (ISE CLI) ... looks like Bug IDCSCuz86154 Alarms:CA Sever is down.

CSCuz86154.png

 

Please:

1st disable and enable the Certificate Authority (Administration > System > Certificates > Certificate Authority > Internal CA Settings) ... maybe the Alarm will go away !!!   :  )

2nd reboot/reload the Nodes and see what happens.

 

Hope this helps !!!

 

Go to solution
oumodom
Level 1
Level 1
In response to Marcelo Morais

‎04-24-2025 03:20 AM

Appreciate your support with precise action @Marcelo Morais . 
Let us keep posted for status. 

0 Helpful

Go to solution
oumodom
Level 1
Level 1
In response to Marcelo Morais

‎04-27-2025 06:49 PM

During the monitoring within 3-4 days, we can't find this alert emerges. 

I think it is the bug on Cisco v3.1 @Marcelo Morais 

0 Helpful
Customers Also Viewed These Support Documents