
Cisco ISE ADE-OS Build Version: 3.0.8.091

ifabrizio
Level 1

Dear All,

 

I am starting with an ISE deployment for a small network, with a Primary and a Secondary node (PAN and PSN).

I am trying to copy the export of the self-signed cert on the secondary ISE for disaster recovery purposes, following the administrator guide procedure:

https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ISE_admin_3_0/b_ISE_admin_30_basic_setup.html#concept_435C4E3FF56949B1B4D5A0C73671AB22

 

The file ise_ca_key_pairs_of_Hostname1 is created in the repository of the primary node, but it cannot connect via HTTPS to the secondary node (Hostname2):

 

Hostname1/user# application configure ise

Selection configuration option
[1]Reset M&T Session Database
[2]Rebuild M&T Unusable Indexes
[3]Purge M&T Operational Data
[4]Reset M&T Database
[5]Refresh Database Statistics
[6]Display Profiler Statistics
[7]Export Internal CA Store
[8]Import Internal CA Store
[9]Create Missing Config Indexes
[10]Create Missing M&T Indexes
[11]Enable/Disable ACS Migration
[12]Generate Daily KPM Stats
[13]Generate KPM Stats for last 8 Weeks
[14]Enable/Disable Counter Attribute Collection
[15]View Admin Users
[16]Get all Endpoints
[19]Establish Trust with controller
[20]Reset Context Visibility
[21]Synchronize Context Visibility With Database
[22]Generate Heap Dump
[23]Generate Thread Dump
[24]Force Backup Cancellation
[25]CleanUp ESR 5921 IOS Crash Info Files
[26]Recreate undotablespace
[0]Exit

7
Export Repository Name: rep1
Enter encryption-key for export:
log4j:WARN No appenders could be found for logger (org.springframework.context.support.ClassPathXmlApplicationContext).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Security Protocol list Start
Inside Session facade init
Old Memory Size : 32414128
In the init method of PDPFacade
AuditMessage: 34149: AdminAudit.AcsInstance=Hostname2.domain.com, AdminAudit.OperationMessageText=HTTPS connection failed to host: Hostname2.domain.com, AdminAudit.AdminName=Unknown
Time taken for NSFAdminServiceFactory to load1198
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...

 

Looking at the Administrative and Operational Audit log, I got the following error:

Apr 28 12:59:23 hostname1.domain.com HOSTNAME1 CISE_Administrative_and_Operational_Audit 0000001450 1 0 2022-04-28 12:59:23.667 +02:00 0000200396 61025 NOTICE EAP-TLS: Open secure connection with TLS peer, ConfigVersionId=78, AdminInterface=UNKNOWN, AdminIPAddress=172.26.31.250\, , OperationMessageText=Connection created from 172.26.31.249:59819 to 169.254.2.2:5671, AcsInstance=HOSTNAME1

 

It seems very close to the error in the bug:

 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp59038

 

What do you think about it?

 

Best regards,

 

Igor.

 
