Active Endpoints Total is Way Off or Not Resetting

Matthew Martin · ‎11-23-2020

Hello All,

ISE v2.7

We recently upgrade our ISE deployment from 2.3 to 2.7 about 2 weeks ago.

Since the upgrade, on the ISE Home page, the Active Endpoints section is currently showing 2,558. This number is very inaccurate. Our normal number for active endpoints is somewhere in the neighborhood of about 500+ endpoints.

The licensing page in ISE seems accurate. So I'm wondering if this is a bug or is there some type of stat that needs to be reset?

Or, I'm wondering if something has changed in the Accounting aspect of ISE that also needs to change on the Switches, WLC, etc...

Thanks in Advance,

Matt

Arne Bier · ‎11-29-2020

Probably needs a TAC case to be 100% sure.

You should not have to change any ISE config regarding accounting etc.

In the Alarm dashboard do you see the "Queue Link" error? if so, you may need to regenerate your Internal CA cert - but beware: don't do this if you are using the internal CA for BYOD or pxGrid. If you know for certain that you're not, then regenerate it. The queue link error seems to have plagued a lot of people - to the point where Live Logs become unusable etc.

It might require a clearning out of the session table on the PAN CLI. Recommend getting TAC guidance on that:

application configure ise

Selection configuration option
[1]Reset M&T Session Database
[2]Rebuild M&T Unusable Indexes
[3]Purge M&T Operational Data
[4]Reset M&T Database
[5]Refresh Database Statistics
[6]Display Profiler Statistics
[7]Export Internal CA Store
[8]Import Internal CA Store
[9]Create Missing Config Indexes
[10]Create Missing M&T Indexes
[11]Enable/Disable ACS Migration
[12]Generate Daily KPM Stats
[13]Generate KPM Stats for last 8 Weeks
[14]Enable/Disable Counter Attribute Collection
[15]View Admin Users
[16]Get all Endpoints
[17]Enable/Disable Wifi Setup
[18]Reset Config Wifi Setup
[19]Establish Trust with controller
[20]Reset Context Visibility
[21]Synchronize Context Visibility With Database
[22]Generate Heap Dump
[23]Generate Thread Dump
[24]Force Backup Cancellation
[0]Exit

Matthew Martin · ‎11-30-2020

Hi Arne, thanks for the reply.

Not sure what happened over the long weekend. But, when I got in this morning, the Active Endpoints is now showing about 535, which is way more accurate then the 25,000+ I was seeing... Very strange!

As for the Queue Link error. Yes, I am seeing a Queue Link error showing up on the Home screen of ISE. I am seeing the messages:

"Queue Link Error: Message=From primary-ise.domain.com To secondary-ise.domain.com; Cause=Basic_cancel "

I haven't really noticed any issues with LiveLogs to speak of. But, you think I should open a TAC case in regards to the Queue Link error messages?

Thanks Again,

Matt

Arne Bier · ‎12-01-2020

That's good news. Nah ... don't need to open a TAC case for the QUeue Link Error if your system is working as expected. Some folks had massive delays in Live logs or no Live Logs at all. That is more alarming ... excuse the pun

If that Alarm bothers you then you can regenerate the internal CA and that will get rid of that Alarm. If you're unsure, then open a TAC case for assistance. You don't want to re-gen your internal CA if you have things that depend on it.