
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-21-2017 06:49 AM - edited 02-21-2020 10:39 AM
Hi, today I changed the IP address of the gig0 and gig1 interfaces of the ISE 2.2 (version 2.2.0.470), but since then I cannot access the GUI. I can ping those IP addresses and even can establish SSH to the ISE CLI and issue commands, but the web page gives me the following error:
--------------------------------------------------------------------
Database Listener running 3758
Database Server running 53 PROCESSES
Application Server running 8019
Profiler Database running 5319
ISE Indexing Engine running 9567
AD Connector running 17155
M&T Session Database running 5226
M&T Log Collector running 8273
M&T Log Processor running 8060
Certificate Authority Service running 16879
EST Service running 24350
SXP Engine Service disabled
Docker Daemon running 529
TC-NAC MongoDB Container running 10955
TC-NAC RabbitMQ Container running 11243
TC-NAC Core Engine Container running 13022
VA Database running 15396
VA Service running 15664
Wifi Setup Helper Container running 16023
Wifi Setup Helper Vault running 32
Wifi Setup Helper MongoDB running 15
Wifi Setup Helper Web Server running 196
Wifi Setup Helper Auth Service running 117
Wifi Setup Helper Main Service running 148
Wifi Setup Helper WLC Service running 177
Solved! Go to Solution.
- Labels:
-
Other NAC
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-03-2019 01:37 AM - edited 06-03-2019 01:40 AM
Hello All,
I had the same issue.
I've got access to console on VM.
I run ISE application ise in safe mode. After got access to GUI.
ise/admin# application stop ise
ise/admin# application start ise safe
go to GUI change settings back
ise/admin# application stop ise
ise/admin# application start ise
Regards, Max

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-21-2017 02:09 PM
Changing IP addresses causes the applications to restart (if I remember correctly). Did the application restart after changing the IP addresses?
Tried a different browser in case the usual one was caching some stuff?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-21-2017 10:10 PM - edited 11-21-2017 10:13 PM
Hi;
Yes the ISE was restarted after the IP change, but now, even after a day after that, I'm getting the same error. I tried all of the possible browsers as well as IP and DNS names. but the result was the same. I checked the ISE app status and all of the services are still marked as "Running".

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-22-2017 12:03 PM - edited 11-22-2017 12:04 PM
Assuming that you cleared the cache on each browser AND tried accessing the node using the IP or FQDN name but both failed, then I would check if there is a FW not allowing you to access the new IP for Primary PAN. IF that is not the case, then REBOOT the server. Sometimes the application stop/start does not work at all so a complete reload could be necessary.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-23-2017 11:27 PM
the FW is not the case, cause I can ping that IP and even establish SSH session and run command on the ISE through new IPs. I powered off/on the devices but no chance. the error is the same. I think there should be a bug here. I search the Internet and managed to find reports on the same error on the ISE which caused by a bug on ISE, but their conditions were not related to IP changes. So I don't know if there is one here.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-24-2017 09:50 AM
I am using 2.2 and I have faced multiple issues. Let me clarify on the other hand that SSH has nothing to do with HTTPS, same about ping.
I would suggest you to remove whatever you have on Gig1 and just use Gig0 for traffic and administration, reboot the server once you make those changes and see what happens. If you are hitting a bug related to multiple interfaces/IP then using only one could help you to narrow down the issue.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-25-2017 03:11 PM
I removed IP address of gig1 interface and disabled it. then restarted the ISE, but the result was the same. As I use it as demo in the lab, I think it is better to reinstall it. But it should have a reason and that would be good if we know it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-15-2018 01:59 AM
Hi ciscoworlds
I know the post is quite old but can you check if you are accessing the ISE GUI from an Unauthorized IP address range if you enable that under ISE admin Access as shown below as it would give the same error you mentioned.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-18-2018 08:51 AM
# application reset-passwd ise admin
You will be prompted to enter your new password 2x and then you should be able to GUI back in and then go to the Adminstration screen and disable the 45 day policy.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-15-2018 01:06 AM
i have the same issue, i can access the SHH but not GUI. I did access to both of them last night but today I cannot. Nothing has changed and i have not changed anything.
Can you help please.
Thanks
Regards,
Star Sulaiman
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-16-2018 01:19 PM
Try doing this it may help to get you in, but not resolve the problem. It can also provide more information for when you ope a TAC case beyond cannot log in through gui.
SSH into the ISE server. Once you are logged in, run the command application stop ise. When everything stops, run "application start ise safe". before you log in through the gui, run "show application status ise" and make sure the application server is running. Once it show running, then attempt to log in. If you are able to, it may have something to do with the admin access. I don't know for sure what it would be, but something to look at and at least you can get in through the gui.
Apologies that I can't help you more. Cisco support helped me to get to that point before I figured out my problem when I got the error.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-19-2019 02:23 PM
"Apologies that I can't help you more. Cisco support helped me to get to that point before I figured out my problem when I got the error."
You say that Cisco support helped you to that point then you figured out your problem. What was your problem?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2019 12:47 PM
I have the same problem, access by SSH (CLI)
but not web access to the ISE, I do not know what may be happening, I can create another user through CLI to access the ISE through GUI.
I hope your valuable support.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2019 01:11 PM
No, that would not work. ISE Admin CLI and Web UI have different sets of users and credentials. In ISE Admin CLI, we may reset the password of an ISE Admin Web UI user, however, by "app reset-passwd ise <WebUI-AdminUser-Name>"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-03-2019 01:37 AM - edited 06-03-2019 01:40 AM
Hello All,
I had the same issue.
I've got access to console on VM.
I run ISE application ise in safe mode. After got access to GUI.
ise/admin# application stop ise
ise/admin# application start ise safe
go to GUI change settings back
ise/admin# application stop ise
ise/admin# application start ise
Regards, Max
