06-21-2024 01:59 AM
Hello ISE guys,
we are running ISE 3.2 deployment and a few days ago we had to reboot both our PAN Nodes. Reboot Secondary (B Node), wait, promote to primary (A->B), wait, reboot secondary (A Node). Since then we are facing CSSM licensing problems -> "Satellite Authorization Renewal: Details=Failed to verify signature". Now the primary PAN Node disappered from the On-Prem CSSM Satellite and the Secondary got registered. Unfortunaltely now the authorization is failing the the ISE deployment cannot sync with the CSSM Satellite.
I tried Refresh and Renew Registration but the issue persist since the token/SN cannot be verified.
Does anyone has experience with the mentioned issue or is there a certain procedure that we need to stick to?
Thank you in advance!
Kind regards
Solved! Go to Solution.
06-21-2024 03:02 PM
ISE and on-prem CSSM licensing has always been unreliable in my experience and not sure who is causing this (ISE, or CSSM). If you find a stable combination of the two, then consider yourself lucky. I occasionally have to de-register and re-register nodes to CSSM because all attempts to sync and refresh etc. don't work. Don't waste your time trying. Just de-register from CSSM, log into CSSM and if the ISE node is still there, manually delete it. Then generate a token and re-register. The CSSM feels like it's built on some pretty simplistic opensource code and I would hazard a guess, that it's not implemented in the most robust ways.
06-21-2024 03:02 PM
ISE and on-prem CSSM licensing has always been unreliable in my experience and not sure who is causing this (ISE, or CSSM). If you find a stable combination of the two, then consider yourself lucky. I occasionally have to de-register and re-register nodes to CSSM because all attempts to sync and refresh etc. don't work. Don't waste your time trying. Just de-register from CSSM, log into CSSM and if the ISE node is still there, manually delete it. Then generate a token and re-register. The CSSM feels like it's built on some pretty simplistic opensource code and I would hazard a guess, that it's not implemented in the most robust ways.
06-22-2024 01:03 AM
Hello Arne,
after all the unsuccessful Refresh and Renew registration attempts this is what we did and it helped. I thought there should or could be a more elegant solution to the problem. Thank you for the thorough explanation and sharing your expertise.
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide