Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7582
Views
6
Helpful
14
Replies

Alarms: configured nameserver is not responsive within timeout period

Go to solution
Darkmatter
Level 1
Level 1

‎04-10-2020 07:37 AM

Every 90 minutes, i get this alarm. From both ISE nodes, pinging each other works just fine, so does DNS lookup, no problemo.

Configured nameservers are our domain controllers, again, you can ping them from ISE and DNS lookup is ok.

What is causing this recurring alarm?

 

Nameserver ISE.png

3 people had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee
In response to Darkmatter

‎04-12-2022 08:09 AM

Consider contacting TAC to troubleshoot your issue - it the bug could have been re-introduced.

View solution in original post

0 Helpful
14 Replies 14

Go to solution
marce1000
Hall of Fame
Hall of Fame

‎04-10-2020 09:51 AM

 

 https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvh02628/?rfs=iqvred

 M,



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
Darkmatter
Level 1
Level 1
In response to marce1000

‎04-10-2020 12:17 PM

I came across that one already myself, but it doens't apply because i'm running 2.7

Affected releases are 2.1 and 2.2

0 Helpful

Go to solution
marce1000
Hall of Fame
Hall of Fame
In response to Darkmatter

‎04-11-2020 01:14 AM

 

 Tx, for giving feedback on your current ISE version being used , the bug report however is strikingly similar to what you are experiencing such as the 90 minute sequence  period for the alarms being generated.. Do you also have 'unusable domains' as mentioned in the bug report (which apparently can trigger this problem) ?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
Darkmatter
Level 1
Level 1
In response to marce1000

‎04-14-2020 02:07 PM

What do you exactly mean with the 'bug report'? If you are referring to the detailed report of the error message, the answer is very short, there are not details available, it's just the error message.

 

So there is no real indication of something about 'unusable domains'.

0 Helpful

Go to solution
Anurag Sharma
Cisco Employee
Cisco Employee
In response to Darkmatter

‎04-15-2020 12:28 AM

Hi @Darkmatter ,

 

I think @marce1000  was talking about the Description, specifically the symptom of the bug. I checked the internal details on this bug. There are two possibilities:

(1) There is actually a DNS reachability issue at every 90 minutes interval.

(2) There is a regression of this bug in 2.7. 

 

To check (1), you just need to take captures on ISE with the filter of the DNS server.

To check (2), check if you have any 'Unusable domains'. Refer to the image below:

Unusable domains.png

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.

Go to solution
pierok
Level 1
Level 1
In response to Anurag Sharma

‎04-16-2020 08:27 AM

I just updated to 2.6 patch 6 and have the same issue now. But not every 90 minutes, every 75 minutes (just like you do)

No unusuable domain, no dns reachability issue because they are the same as before

0 Helpful

Go to solution
Anurag Sharma
Cisco Employee
Cisco Employee
In response to pierok

‎04-16-2020 11:12 AM

Hi pierok,

From which version did you upgrade to 2.6 p6?
Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.
0 Helpful

Go to solution
pierok
Level 1
Level 1
In response to Anurag Sharma

‎04-16-2020 11:56 PM

from 2.3.
but now my Primary PAN is unresponsive....looks like I face a bug in patch 6 just like here : https://community.cisco.com/t5/network-access-control/ise-2-6-patch-4-deferred-removed/td-p/4037181
I'll revert back and install patch 5
0 Helpful

Go to solution
Darkmatter
Level 1
Level 1
In response to pierok

‎04-22-2020 06:47 AM - edited ‎04-22-2020 06:59 AM

I have to correct that i face this error also every 75 minutes and not 90 minutes like mentioned before.

I took a packet capture on one of the ISE nodes and the only abnormal i could see it this around the time that ISE reported the ALARM.

DNS ISE_LI.jpg

Installed patch 1 for version 2.7 - ise-patchbundle-2.7.0.356-Patch1-20033115.SPA.x86_64.tar.gz - in hopes this would be a bug and be solved by now but no luck either on that one.

FYI: ip addresses - .13/.14 are domain controllers and .49 is an ISE node - they are all in the same subnet

0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee
In response to Darkmatter

‎04-12-2022 08:09 AM

Consider contacting TAC to troubleshoot your issue - it the bug could have been re-introduced.

0 Helpful

Go to solution
Me And You
Level 1
Level 1

‎01-03-2021 10:45 PM

Running ISE 2.4 patch 11 same issue.

Running ISE 2.4 patch 13 same issue.

Running ISE 2.6 patch 6 same issue...

Go to solution
ffischer
Level 1
Level 1

‎10-19-2021 08:47 AM - edited ‎10-19-2021 08:48 AM

Same behavior here with ISE 3.0p4 in a 6 Node deployment
ADM(P) ADM(S) MnT(P) MnT(S) PSN1 PSN2)

PSN1 only reports 
"Configured nameserver is not responsive within timeout period. Server is either busy or unreachable."

every 75 Minutes

 

No messages from PSN2.

 

Have the same two DNS Servers configured on all ISEs,

DNS Servers and ISEs are in in the same subnet...

0 Helpful

Go to solution
ajtm
Level 1
Level 1

‎03-30-2022 12:18 AM

Same issue here: Happens every 75 minutes on node 1 but node 2 is ok. Running ISE 3.0 patch 5.

0 Helpful

Go to solution
magonzalez
Level 1
Level 1

‎06-11-2024 06:52 PM

Bringing this up as my last upgrade did not quiet the alarm... 
I have a 10 node deployment... 5 redundant nodes... 2 PANs, 4 PSNs, 2 pxGRID and 2 M&T 
My primary PAN always reports this  

My DNS is of course rock solid, or we would be having more than ISE errors  

Alarm Name : 
Configured nameserver is not responsive within timeout period.

Details : 
Configured nameserver is not responsive within timeout period. Server is either busy or unreachable.  Server=xxxPCSVIPAN01

Description : 
Configured nameserver is not responsive within timeout period. Server is either busy or unreachable.

Severity : 
Warning

Suggested Actions : 
Check DNS configuration, check corresponding DNS server and domain controller are available. Server is either busy or unreachable.

*** This message is generated by Cisco Identity Services Engine (ISE) ***

Sent By Host : xxxPCSVIMNT01
xxxPCSVIPAN01/admin#ping dns1
PING 10.80.5.110 (10.80.5.110) 56(84) bytes of data.
64 bytes from 10.80.5.110: icmp_seq=1 ttl=60 time=1.26 ms
64 bytes from 10.80.5.110: icmp_seq=2 ttl=60 time=1.03 ms
64 bytes from 10.80.5.110: icmp_seq=3 ttl=60 time=1.20 ms
64 bytes from 10.80.5.110: icmp_seq=4 ttl=60 time=0.800 ms

--- 10.80.5.110 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 0.800/1.072/1.264/0.180 ms

xxxPCSVIPAN01/admin#ping dns2
PING 10.161.20.110 (10.161.20.110) 56(84) bytes of data.
64 bytes from 10.161.20.110: icmp_seq=1 ttl=64 time=0.446 ms
64 bytes from 10.161.20.110: icmp_seq=2 ttl=64 time=0.160 ms
64 bytes from 10.161.20.110: icmp_seq=3 ttl=64 time=0.240 ms
64 bytes from 10.161.20.110: icmp_seq=4 ttl=64 time=0.167 ms

--- 10.161.20.110 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3104ms
rtt min/avg/max/mdev = 0.160/0.253/0.446/0.116 ms

xxxPCSVIPAN01/admin#



0 Helpful
Customers Also Viewed These Support Documents