11-21-2017 06:49 AM - edited 02-21-2020 10:39 AM
Hi, today I changed the IP address of the gig0 and gig1 interfaces of the ISE 2.2 (version 2.2.0.470), but since then I cannot access the GUI. I can ping those IP addresses and even can establish SSH to the ISE CLI and issue commands, but the web page gives me the following error:
Solved! Go to Solution.
06-03-2019 01:37 AM - edited 06-03-2019 01:40 AM
Hello All,
I had the same issue.
I've got access to console on VM.
I run ISE application ise in safe mode. After got access to GUI.
ise/admin# application stop ise
ise/admin# application start ise safe
go to GUI change settings back
ise/admin# application stop ise
ise/admin# application start ise
Regards, Max
11-21-2017 02:09 PM
Changing IP addresses causes the applications to restart (if I remember correctly). Did the application restart after changing the IP addresses?
Tried a different browser in case the usual one was caching some stuff?
11-21-2017 10:10 PM - edited 11-21-2017 10:13 PM
Hi;
Yes the ISE was restarted after the IP change, but now, even after a day after that, I'm getting the same error. I tried all of the possible browsers as well as IP and DNS names. but the result was the same. I checked the ISE app status and all of the services are still marked as "Running".
11-22-2017 12:03 PM - edited 11-22-2017 12:04 PM
Assuming that you cleared the cache on each browser AND tried accessing the node using the IP or FQDN name but both failed, then I would check if there is a FW not allowing you to access the new IP for Primary PAN. IF that is not the case, then REBOOT the server. Sometimes the application stop/start does not work at all so a complete reload could be necessary.
11-23-2017 11:27 PM
the FW is not the case, cause I can ping that IP and even establish SSH session and run command on the ISE through new IPs. I powered off/on the devices but no chance. the error is the same. I think there should be a bug here. I search the Internet and managed to find reports on the same error on the ISE which caused by a bug on ISE, but their conditions were not related to IP changes. So I don't know if there is one here.
11-24-2017 09:50 AM
I am using 2.2 and I have faced multiple issues. Let me clarify on the other hand that SSH has nothing to do with HTTPS, same about ping.
I would suggest you to remove whatever you have on Gig1 and just use Gig0 for traffic and administration, reboot the server once you make those changes and see what happens. If you are hitting a bug related to multiple interfaces/IP then using only one could help you to narrow down the issue.
11-25-2017 03:11 PM
I removed IP address of gig1 interface and disabled it. then restarted the ISE, but the result was the same. As I use it as demo in the lab, I think it is better to reinstall it. But it should have a reason and that would be good if we know it.
05-15-2018 01:59 AM
Hi ciscoworlds
I know the post is quite old but can you check if you are accessing the ISE GUI from an Unauthorized IP address range if you enable that under ISE admin Access as shown below as it would give the same error you mentioned.
04-18-2018 08:51 AM
05-15-2018 01:06 AM
05-16-2018 01:19 PM
Try doing this it may help to get you in, but not resolve the problem. It can also provide more information for when you ope a TAC case beyond cannot log in through gui.
SSH into the ISE server. Once you are logged in, run the command application stop ise. When everything stops, run "application start ise safe". before you log in through the gui, run "show application status ise" and make sure the application server is running. Once it show running, then attempt to log in. If you are able to, it may have something to do with the admin access. I don't know for sure what it would be, but something to look at and at least you can get in through the gui.
Apologies that I can't help you more. Cisco support helped me to get to that point before I figured out my problem when I got the error.
06-19-2019 02:23 PM
"Apologies that I can't help you more. Cisco support helped me to get to that point before I figured out my problem when I got the error."
You say that Cisco support helped you to that point then you figured out your problem. What was your problem?
05-17-2019 12:47 PM
05-17-2019 01:11 PM
No, that would not work. ISE Admin CLI and Web UI have different sets of users and credentials. In ISE Admin CLI, we may reset the password of an ISE Admin Web UI user, however, by "app reset-passwd ise <WebUI-AdminUser-Name>"
06-03-2019 01:37 AM - edited 06-03-2019 01:40 AM
Hello All,
I had the same issue.
I've got access to console on VM.
I run ISE application ise in safe mode. After got access to GUI.
ise/admin# application stop ise
ise/admin# application start ise safe
go to GUI change settings back
ise/admin# application stop ise
ise/admin# application start ise
Regards, Max
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide