04-10-2020 07:37 AM
Every 90 minutes, i get this alarm. From both ISE nodes, pinging each other works just fine, so does DNS lookup, no problemo.
Configured nameservers are our domain controllers, again, you can ping them from ISE and DNS lookup is ok.
What is causing this recurring alarm?
Solved! Go to Solution.
04-12-2022 08:09 AM
Consider contacting TAC to troubleshoot your issue - it the bug could have been re-introduced.
04-10-2020 09:51 AM
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh02628/?rfs=iqvred
M,
04-10-2020 12:17 PM
I came across that one already myself, but it doens't apply because i'm running 2.7
Affected releases are 2.1 and 2.2
04-11-2020 01:14 AM
Tx, for giving feedback on your current ISE version being used , the bug report however is strikingly similar to what you are experiencing such as the 90 minute sequence period for the alarms being generated.. Do you also have 'unusable domains' as mentioned in the bug report (which apparently can trigger this problem) ?
M.
04-14-2020 02:07 PM
What do you exactly mean with the 'bug report'? If you are referring to the detailed report of the error message, the answer is very short, there are not details available, it's just the error message.
So there is no real indication of something about 'unusable domains'.
04-15-2020 12:28 AM
Hi @Darkmatter ,
I think @marce1000 was talking about the Description, specifically the symptom of the bug. I checked the internal details on this bug. There are two possibilities:
(1) There is actually a DNS reachability issue at every 90 minutes interval.
(2) There is a regression of this bug in 2.7.
To check (1), you just need to take captures on ISE with the filter of the DNS server.
To check (2), check if you have any 'Unusable domains'. Refer to the image below:
04-16-2020 08:27 AM
I just updated to 2.6 patch 6 and have the same issue now. But not every 90 minutes, every 75 minutes (just like you do)
No unusuable domain, no dns reachability issue because they are the same as before
04-16-2020 11:12 AM
04-16-2020 11:56 PM
04-22-2020 06:47 AM - edited 04-22-2020 06:59 AM
I have to correct that i face this error also every 75 minutes and not 90 minutes like mentioned before.
I took a packet capture on one of the ISE nodes and the only abnormal i could see it this around the time that ISE reported the ALARM.
Installed patch 1 for version 2.7 - ise-patchbundle-2.7.0.356-Patch1-20033115.SPA.x86_64.tar.gz - in hopes this would be a bug and be solved by now but no luck either on that one.
FYI: ip addresses - .13/.14 are domain controllers and .49 is an ISE node - they are all in the same subnet
04-12-2022 08:09 AM
Consider contacting TAC to troubleshoot your issue - it the bug could have been re-introduced.
01-03-2021 10:45 PM
Running ISE 2.4 patch 11 same issue.
Running ISE 2.4 patch 13 same issue.
Running ISE 2.6 patch 6 same issue...
10-19-2021 08:47 AM - edited 10-19-2021 08:48 AM
Same behavior here with ISE 3.0p4 in a 6 Node deployment
ADM(P) ADM(S) MnT(P) MnT(S) PSN1 PSN2)
PSN1 only reports
"Configured nameserver is not responsive within timeout period. Server is either busy or unreachable."
every 75 Minutes
No messages from PSN2.
Have the same two DNS Servers configured on all ISEs,
DNS Servers and ISEs are in in the same subnet...
03-30-2022 12:18 AM
Same issue here: Happens every 75 minutes on node 1 but node 2 is ok. Running ISE 3.0 patch 5.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide