cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
278
Views
0
Helpful
4
Replies

Can't log in to Node 2 GUI

teamdv6199
Level 1
Level 1

I have version 2.7. I suspect the problem might be something with the certs since when I had it joined to the cluster I could not view the certs on ise2. When I log into the gui it just sits on /admin/LoginAction.do.

 

Is there a way i can remove the cert from the CLI?? not sure what to do here. I have restarted a few times and tried safe mode

1 Accepted Solution

Accepted Solutions

Fixed it by doing a reset config on node 2 then re made the certs

View solution in original post

4 Replies 4

What does "show application status ise" show on the CLI?  Also "show ports"?  What changed?  Was it working before?  Did a certificate expire?  VM or appliance?  What patch?

https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/bulletin-c25-2943876.html

It was working before, i suspect something happened with the certs. I dont know what exactly:

 

sho ports
Process : ttcserver (24918)
tcp: 0.0.0.0:53385, 127.0.0.1:12477
Process : redis-server (25122)
tcp: 127.0.0.1:6379
Process : systemd (1)
tcp: 0.0.0.0:111, :::111
udp: 0.0.0.0:111, :::111
Process : jsvc.exec (27964)
tcp: 169.254.0.228:49, 169.254.2.1:49, 172.28.0.35:49, 169.254.0.228:50, 169.254.2.1:50, 172.28.0.35:50, 169.254.0.228:51, 169.254.2.1:51, 172.28.0.35:51, 169.254.0.228:52, 169.254.2.1:52, 172.28.0.35:52, 127.0.0.1:8888, :::9061, :::9063, :::8905, :::8009, :::5514, :::9002, :::1099, :::8910, :::9999, :::80, :::34098, :::9080, :::443, :::9085, :::9090, 127.0.0.1:2020, :::9060
udp: 169.254.0.228:16268, 169.254.0.228:21332, 172.28.0.35:55180, 169.254.2.1:25393, 172.28.0.35:62717, 0.0.0.0:64860, 0.0.0.0:32941, 169.254.0.228:1645, 169.254.2.1:1645, 172.28.0.35:1645, 127.0.0.1:1645, 169.254.0.228:1646, 169.254.2.1:1646, 172.28.0.35:1646, 127.0.0.1:1646, 169.254.0.228:1700, 169.254.2.1:1700, 172.28.0.35:1700, 127.0.0.1:1700, 169.254.0.228:1812, 169.254.2.1:1812, 172.28.0.35:1812, 127.0.0.1:1812, 169.254.0.228:1813, 169.254.2.1:1813, 172.28.0.35:1813, 127.0.0.1:1813, 169.254.0.228:2083, 169.254.2.1:2083, 172.28.0.35:2083, 127.0.0.1:2083, 169.254.0.228:3799, 169.254.2.1:3799, 172.28.0.35:3799, 127.0.0.1:3799, 169.254.2.1:38013, 0.0.0.2:12190, :::21840, :::30514, :::30514, :::33461, 172.28.0.35:8905, fe80::7279:b3ff:fe:8905, 169.254.2.1:8905, fe80::42:ff:fe4b:b:8905, 169.254.0.228:8905, fe80::a844:87ff:fe:8905, :::44450, :::13279
Process : timestensubd (24916)
tcp: 127.0.0.1:28338
Process : nginx: (2627)
tcp: 0.0.0.0:8084
Process : timestend (24909)
tcp: 0.0.0.0:53396
Process : sshd (867)
tcp: 0.0.0.0:22, :::22
Process : timestensubd (24914)
tcp: 127.0.0.1:21561
Process : master (11594)
tcp: 127.0.0.1:25, ::1:25
Process : monit (1404)
tcp: 127.0.0.1:2812, ::1:2812
Process : timestensubd (24913)
tcp: 127.0.0.1:15452
Process : timestensubd (24915)
tcp: 127.0.0.1:16157
Process : jsvc.exec (32538)
tcp: 0.0.0.0:2560, 0.0.0.0:9444
Process : ora_d000_cpm1 (20408)
tcp: :::16936
udp: ::1:49764
Process : java (28180)
tcp: :::18892, :::14704, 127.0.0.1:7634, 127.0.0.1:20515
udp: 0.0.0.0:20514, :::9993, :::46883
Process : java (30032)
tcp: 127.0.0.1:9200, ::1:9200, 172.28.0.35:9300
Process : tnslsnr (20216)
tcp: :::1521
Process : docker-proxy (22479)
tcp: :::15672
Process : java (25944)
tcp: :::9086
Process : docker-proxy (22515)
tcp: :::8671
Process : docker-proxy (22501)
tcp: :::8672
Process : chronyd (809)
udp: 127.0.0.1:323, ::1:323
Process : rpcbind (9365)
udp: 0.0.0.0:988, :::988
Process : ora_s000_cpm1 (20410)
udp: ::1:15566
Process : ora_lreg_cpm1 (20400)
udp: ::1:54500

 

 

 

sh application status ise

ISE PROCESS NAME STATE PROCESS ID
--------------------------------------------------------------------
Database Listener running 20216
Database Server running 115 PROCESSES
Application Server running 27964
Profiler Database running 25122
ISE Indexing Engine running 30032
AD Connector running 347
M&T Session Database running 24909
M&T Log Processor running 28180
Certificate Authority Service running 32538
EST Service running 2627
SXP Engine Service disabled
Docker Daemon running 21880
TC-NAC Service disabled

Wifi Setup Helper Container disabled
pxGrid Infrastructure Service disabled
pxGrid Publisher Subscriber Service disabled
pxGrid Connection Manager disabled
pxGrid Controller disabled
PassiveID WMI Service disabled
PassiveID Syslog Service disabled
PassiveID API Service disabled
PassiveID Agent Service disabled
PassiveID Endpoint Service disabled
PassiveID SPAN Service disabled
DHCP Server (dhcpd) disabled
DNS Server (named) disabled
ISE Messaging Service running 22540
Segmentation Policy Service disabled
SSE Connector disabled

 

 

There is a binding for 443 so you should get a web response.  Is this true?  What certificate do you see in your browser when you connect?  What does the deployment screen show for this node?

The show application status ise output is not complete.  It is missing the service status of each one, running, stopped, starting, etc.

VM or appliance?  What patch?

Fixed it by doing a reset config on node 2 then re made the certs