cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

4475
Views
1
Helpful
5
Replies
Highlighted
Beginner

ISE 2.1 - AD Connector "not running" after upgrade from v2.0.1

AD Connector state is "not running" after upgrade from ISE 2.0.1 to ISE 2.1. ISE deployment is STANDALONE.

ise/admin# sh application status ise

ISE PROCESS NAME                       STATE            PROCESS ID

--------------------------------------------------------------------

...

AD Connector                           not running

...

PassiveID Service                      not running

...

Join test show:

Status: Join Operation Failed: AD Connector is not available

Error Description: AD Connector Is Not Available

Support Details...

Error Name: ERROR_FILE_NOT_FOUND

Error Code: 2

Detailed Log:

Any ideas?

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ISE 2.1 - AD Connector "not running" after upgrade from v2.0.1

If you have ISE internal CA and/or other services enabled, please make sure ISE has at least 8-GB RAM. If that does not resolve the issue, please check the debug log ad_agent.log.

5 REPLIES 5
Cisco Employee

Re: ISE 2.1 - AD Connector "not running" after upgrade from v2.0.1

If you have ISE internal CA and/or other services enabled, please make sure ISE has at least 8-GB RAM. If that does not resolve the issue, please check the debug log ad_agent.log.

Beginner

Re: ISE 2.1 - AD Connector "not running" after upgrade from v2.0.1

is there any way to bring up AD Connector manually?

Cisco Employee

Re: ISE 2.1 - AD Connector "not running" after upgrade from v2.0.1

If memory is the issue, manually start is not going to help.

AD advanced tuning has a button to restart AD connector.

Screen Shot 2017-02-15 at 8.41.10 PM.png

Beginner

Re: ISE 2.1 - AD Connector "not running" after upgrade from v2.0.1

I had the same issue when applying patch ise-patchbundle-2.2.0.470-Patch2-214160.SPA.x86_64.tar.gz to a version 2.2.470 - after that the AD Connector was in "Not running" state and the ISE was waiting for "Waiting up to 300 seconds for lock: APP_START to complete"


Server has 16 Gb RAM, 4 Cores


(Should mention I aldo changed NTP-Servers just before this incident)


This lock was NEVER removed - and thus the ISE stuck in this state. Even after restart of the ISE it was still stuck with the "APP_START" hindering any further maintenance ... and no AD Communication.


I tried a lot of things - another upgrade, removing the patch etc. - including "application reset-config ise" - to no avail - APP_START was still in the way.


Last resort was to ask my VMWare hosting company to do a reimaging of the thing ... but since this particular one was in China, it was potentially a very long wait!


But last thing to try, was to change the role on the ISE from "STANDALONE" to "PRIMARY" - and after that - and after a very long wait were finished (while the ISE did it magics behind the scene!) - the AD Connector was up and running again ...


I then choose to do a "reset-config" anyway, apply the latest 2.3 upgrade - and it was back in business again




Cisco Employee

Re: ISE 2.1 - AD Connector "not running" after upgrade from v2.0.1

Thanks for the info.

CSCvf17703 has been logged to provide more debug info why the app start not completing.