Hi;

Yes the ISE was restarted after the IP change, but now, even after a day after that, I'm getting the same error. I tried all of the possible browsers as well as IP and DNS names. but the result was the same. I checked the ISE app status and all of the services are still marked as "Running". 

Assuming that you cleared the cache on each browser AND tried accessing the node using the IP or FQDN name but both failed, then I would check if there is a FW not allowing you to access the new IP for Primary PAN. IF that is not the case, then REBOOT the server. Sometimes the application stop/start does not work at all so a complete reload could be necessary.

the FW is not the case, cause I can ping that IP and even establish SSH session and run command on the ISE through new IPs. I powered off/on the devices but no chance. the error is the same. I think there should be a bug here. I search the Internet and managed to find reports on the same error on the ISE which caused by a bug on ISE, but their conditions were not related to IP changes. So I don't know if there is one here. 

I am using 2.2 and I have faced multiple issues. Let me clarify on the other hand that SSH has nothing to do with HTTPS, same about ping.

I would suggest you to remove whatever you have on Gig1 and just use Gig0 for traffic and administration, reboot the server once you make those changes and see what happens. If you are hitting a bug related to multiple interfaces/IP then using only one could help you to narrow down the issue.

I removed IP address of gig1 interface and disabled it. then restarted the ISE, but the result was the same. As I use it as demo in the lab, I think it is better to reinstall it. But it should have a reason and that would be good if we know it. 

Hi ciscoworlds

I know the post is quite old but can you check if you are accessing the ISE GUI from an Unauthorized IP address range if you enable that under ISE admin Access as shown below as it would give the same error you mentioned.

Try doing this it may help to get you in, but not resolve the problem. It can also provide more information for when you ope a TAC case beyond cannot log in through gui.

SSH into the ISE server. Once you are logged in, run the command application stop ise. When everything stops, run "application start ise safe". before you log in through the gui, run "show application status ise" and make sure the application server is running. Once it show running, then attempt to log in. If you are able to, it may have something to do with the admin access. I don't know for sure what it would be, but something to look at and at least you can get in through the gui.

Apologies that I can't help you more. Cisco support helped me to get to that point before I figured out my problem when I got the error.

"Apologies that I can't help you more. Cisco support helped me to get to that point before I figured out my problem when I got the error."

You say that Cisco support helped you to that point then you figured out your problem. What was your problem?

No, that would not work. ISE Admin CLI and Web UI have different sets of users and credentials. In ISE Admin CLI, we may reset the password of an ISE Admin Web UI user, however, by "app reset-passwd ise <WebUI-AdminUser-Name>"