Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
229
Views
1
Helpful
6
Replies

Cisco ISE 3.2 Application Server stuck in 'Initializing' State

Gehrig_W
Level 1
Level 1

‎08-05-2025 01:40 AM - edited ‎08-05-2025 02:12 AM

Dear community,

I deployed 2x Cisco ISE 3.2 Small VMs. Recently I found Secondary ISE2 application server is stuck in the "Initializing" state.

It also has no connection anymore to the Active Directory.

The Deployment page on ISE2 shows an orange traffic sign for ISE2 meaning Node not in sync with PAP ,Please do a manual sync

Information for the current setup:

1. Application stop, start, stop, start safe did not change the problem state.

2. Hardware Resources are based on best practices of: 64GB RAM, 16CPU and 600GB Disk.

3. Solution is VMware based. All filesystems have sufficient free space.

4. DNS, NTP were synchronized and working correctly.

5. ISE 1 can ping to ISE 2 and vice versa.

Besides Application Server stuck in 'Initializing' State, the following Services are not running like on ISE1:

ISE API Gateway Service not running
ISE pxGrid Direct Service disabled

show logging system ade/ADE.log tail  shows lines like this besides many other lines:

2025-08-05T10:57:20.670006+02:00 vise2 root: info:[application:operation:kong-control.sh] Setting up ISE API Gateway Service
2025-08-05T10:57:20.671439+02:00 vise2 root: info:[application:operation:kong-control.sh] certificate does not exist, downloading it.

Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production

025-08-05T11:01:30.232693+02:00 vise2 root: ERROR at line 5:
2025-08-05T11:01:30.232695+02:00 vise2 root: ORA-06550: line 5, column 117:
2025-08-05T11:01:30.232698+02:00 vise2 root: PL/SQL: ORA-00942: table or view does not exist
2025-08-05T11:01:30.232700+02:00 vise2 root: ORA-06550: line 5, column 1:
2025-08-05T11:01:30.232702+02:00 vise2 root: PL/SQL: SQL Statement ignored
2025-08-05T11:01:30.232704+02:00 vise2 root: ORA-06550: line 8, column 18:
2025-08-05T11:01:30.232707+02:00 vise2 root: PL/SQL: ORA-00942: table or view does not exist
2025-08-05T11:01:30.232708+02:00 vise2 root: ORA-06550: line 8, column 1:
2025-08-05T11:01:30.232711+02:00 vise2 root: PL/SQL: SQL Statement ignored

com.cisco.epm.pap.api.exceptions.SQLException: null; nested exception is:
java.lang.NullPointerException

org.hibernate.service.spi.ServiceException: Unable to create requested service [org.hibernate.engine.jdbc.connections.spi.ConnectionProvider]

Caused by: org.hibernate.HibernateException: Could not instantiate connection provider [com.cisco.epm.edf2.txn.DBCPConnectionProvider]

Caused by: java.lang.RuntimeException: Failed to initialize DB adapter

com.cisco.epm.edf2.exceptions.BaseEDFException: Cannot load session config

Do you guys have any idea why this is happening and how I can recover our secondary ISE2  again ?

Thank You in advance

Greetings from Frankonia

Wini

0 Helpful
6 Replies 6

O_A_H
Level 1
Level 1

‎08-05-2025 02:13 AM

Hi @Gehrig_W ,

Try to check replication logs under /var/log/replication.log and ise-psc.log for errors. Also try to deregister ISE2 and register again and see if that changes the situation.

0 Helpful

Gehrig_W
Level 1
Level 1
In response to O_A_H

‎08-06-2025 12:29 AM

Hello O_A_H,

can You please explain, how I can check the mentioned replication logs in Cisco ISE CLI?

What is the command to show the files ?

Thank You

Kind Regards

Wini

 

0 Helpful

PSM
Level 1
Level 1

‎08-06-2025 03:51 AM

@Gehrig_W you can use this command

show logging application ise-psc.log

Did you try reload of VM ? Also is there any firewall between both nodes. If yes don't forget to verify if there are required openings and traffic is not dropped there.

These are the ports TCP443, TCP12001, TCP8671, TCP6379, TCP15672, TCP6514, TCP8910.

 

0 Helpful

Gehrig_W
Level 1
Level 1

‎08-06-2025 04:57 AM - edited ‎08-06-2025 05:45 AM

Hello, thank You for Your help so far.

Here is the solution for 

Cisco ISE 3.2 Application Server stuck in 'Initializing' State

Deregistered the node + "application reset-config ise" without keeping the certificate.

After that, we registered the node back to the deployment and exported and imported the radius-certificate from primary ise again without any issues.  Connection into Active directory came back automatically to Secondary ISE.

Pay attention:

If You choose "application reset-config ise" with keeping the certificate instead, You will end up in another error
===
ERROR: DATABASE PRIMING FAILED!
This could be the result of incorrect network interface configuration, or lack of resources on the appliance or VM.
Please fix the issue and run the following CLI to re-prime database:'application reset-config ise'

====
The solution for both, this Database Priming failure and Application Server Initializing error, solved with keeping the certificates during "application reset-config ise" can be found also here:

https://community.cisco.com/t5/network-access-control/database-priming-fails-what-s-causing-it/td-p/3479401
Kind regards

Wini
Version 3.2 Patch6



 

 

 

O_A_H
Level 1
Level 1
In response to Gehrig_W

‎08-06-2025 06:37 AM

Glad to know that deregister/register worked with you!

0 Helpful

Marcelo Morais
VIP
VIP
In response to Gehrig_W

‎08-06-2025 07:07 PM

Hi @Gehrig_W ,

 I understand that your issue is solved ... just one question:

 Even though you installed ISE 3.2 P6 from scratch, did the "initializing" problem occur, am I correct ?

 

Regards

 

0 Helpful
Customers Also Viewed These Support Documents