Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
13277
Views
26
Helpful
13
Replies

Alarm Name : ISE Authentication Inactivity Details : No Authentications in the last 15 minutes

Go to solution
Ditter
Level 4
Level 4

‎07-30-2018 06:02 AM - edited ‎03-11-2019 01:47 AM

Hi to All,

I think that a lot of discussion has been around this "No Authentications in the last 15 minutes" and as i noticed int he bug reporting tool this would be fixed in ISE 2.4(357) , however i have this version and the message is still active. I also changed the Radius settings under Administration --> Settings --> Protocols --> radius from 15 minutes to one hour but i do not think that it is the correct setting.

So the question still remains: Is thre a way to reduce these inactivity authentication messages?

Thank you,

 

Ditter

 

 

2 people had this problem
Preview file
2 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎08-04-2018 07:50 PM

Go to the Alarm Settings page, select this alarm, edit its status to disable, and save.

Screen Shot 2018-08-04 at 7.49.14 PM.png

 

View solution in original post

13 Replies 13

Go to solution
Ditter
Level 4
Level 4

‎08-01-2018 04:43 AM

Just bouncing the thread!

 

Any noew of how to suppress this kind of message. I am running ISE 2.4(357)

0 Helpful

Go to solution
vthaluru
Cisco Employee
Cisco Employee

‎08-01-2018 04:53 AM

Hi Ditter,

Just check have you selected the log collector for passed and failed authentication on logging categories.

If you are not selected ,then please select it and it  will stop.

 

Thanks

VenkataKrishna

0 Helpful

Go to solution
Ditter
Level 4
Level 4
In response to vthaluru

‎08-01-2018 06:09 AM

Hi  VThaluru,

 

the logging was as you can see in the attached image. I now selected log collector for both passed and failed notifications.  I will let you know if something changes.

 

Thanks a lot.

 

 

Preview file
9 KB
0 Helpful

Go to solution
Ditter
Level 4
Level 4
In response to Ditter

‎08-02-2018 02:05 AM

Hi, unfortunately nothing changed after selecting logcollector for both passed and failed logins.

 

The messages keep coming every 15 minutes:

 

Alarm Name :
ISE Authentication Inactivity

Details :
No Authentications in the last 15 minutes

Description :
The ISE Policy Service nodes are not receiving Authentication requests from the Network Devices

Severity :
Warning

 

One thing i noticed is that the Failed and Passed attempts have as severity INFO, but in our case the severity is Warning, thus we are talking about a different parent category.

0 Helpful

Go to solution
Ditter
Level 4
Level 4
In response to Ditter

‎08-03-2018 02:16 AM

So are we still hitting the bug CSCuz52877 even in ISE 2.4 (357) ?

0 Helpful

Go to solution
Steve Dussault
Level 1
Level 1
In response to Ditter

‎09-14-2018 05:30 AM

I am also seeing this issue in release 2.4(0.357).

0 Helpful

Go to solution
hpenley
Level 1
Level 1
In response to Ditter

‎08-08-2019 06:10 AM

I'm still getting the warning notification.ISE 2.4 Version Info.png

ISE Error No Auth in 15 minutes.png

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee

‎08-04-2018 07:50 PM

Go to the Alarm Settings page, select this alarm, edit its status to disable, and save.

Screen Shot 2018-08-04 at 7.49.14 PM.png

 

Go to solution
Jetpack
Level 1
Level 1
In response to hslai

‎10-28-2020 10:50 AM

Worked great for this.
I wish I could do this for the certificate expired. Have one that kicks out that warning for a certificate that doesn't exist. Can't figure out where that ghost certificate is/was because it isn't listed in the GUI.

0 Helpful

Go to solution
mumustha
Cisco Employee
Cisco Employee
In response to Jetpack

‎03-04-2021 01:01 AM

Hi Jetpack,

 

You could reach out to Cisco TAC to clear the expired certificate from the ISE DB if not present in the ISE GUI.
Disabling the ISE certificate expiry alarm will not be the best way forward as usable certificates may also fall in this category.

0 Helpful

Go to solution
Thomas Hontz Jr
Level 1
Level 1
In response to Jetpack

‎03-29-2021 04:39 AM

Also you probably won't be able to upgrade with the ghost certificate.  I ran into this problem a while back.  TAC will be able to clear it for you.  

0 Helpful

Go to solution
fabianwickman
Level 1
Level 1
In response to hslai

‎04-01-2021 05:13 AM

Hi, We are seeing this alarm in 2.7 patch 3.

Should you really disable the alarm? Is it just cosmetic? What if there is an issue that needs to be fixed in the network?

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to fabianwickman

‎04-01-2021 08:24 AM

Under normal deployment functions it can certainly indicate a major problem if it suddenly starts. The reason this alarm is generated is because there is no radius authentication hitting a node, or the logging from that node has failed. This could indicate a network reachability issue, a load balancer issue, or something internal to ISE. 

False positives are common if all your authentication uses the same node as primary. The secondary may report this alarm since nothing is configured to use it it unless the primary is down. If the load is balanced across the primary and secondary (or more nodes), then assuming radius hits the nodes at least once every 15 minutes, the alarm will not be triggered. 

Disabling it is common since many use a primary/secondary, I suggest balancing the load either way. 

0 Helpful
Customers Also Viewed These Support Documents