01-28-2022 10:48 PM
Hi,
I have an issue with the access webui of ISE v2.7. I can not access in the webui. ISE shows a message:
2022-01-29 03:54:32,569 ERROR [webSec-2][] cpm.admin.restui.websec.PatternBasedAnalyzer -::::- Value was found harmful by the pattern:com.cisco.cpm.admin.re stui.websec.InsecurePattern:[dollarSign] pattern:(.*)\$(.*) action:Escape value:class com.cisco.cpm.admin.infra.action.LoginAction$SecurityCheck parameter name:class exclusionTag:SecurityCheck
2022-01-29 03:54:32,593 INFO [admin-http-pool27][] cpm.admin.infra.action.LoginActionResultHandler -::::- Redirected to: /admin/login.jsp?mid=server_maintenance
2022-01-29 03:54:32,569 ERROR [admin-http-pool27][] cpm.admin.infra.action.LoginAction -::::- Can't save locale. loginSuccess: false
2022-01-29 03:54:32,572 INFO [admin-http-pool27][] cisco.ise.ups.internaluser.InternalUserServiceImpl -::::- going to save admin
2022-01-29 03:54:32,572 INFO [admin-http-pool27][] cisco.ise.ups.internaluser.InternalUserServiceImpl -::::- done validation for user admin
2022-01-29 03:54:32,574 INFO [admin-http-pool27][] cisco.ise.ups.internaluser.InternalUserServiceImpl -::::- retrieved RBAC groups for user adunique. numbe r of groups: 1
2022-01-29 03:54:32,576 INFO [admin-http-pool27][] cisco.ise.ups.internaluser.InternalUserServiceImpl -::::- Going to persist user admin
2022-01-29 03:54:32,578 INFO [admin-http-pool27][] com.cisco.epm.jms.AQMessgeHandler -::::- Publishing message for event [TxnCommit / commit] and message c lass[class com.cisco.epm.pap.api.transaction.Transaction]
2022-01-29 03:54:32,593 INFO [admin-http-pool27][] cisco.ise.ups.internaluser.InternalUserServiceImpl -::::- Successfully persisted user admin
2022-01-29 03:54:32,593 INFO [admin-http-pool27][] cisco.ise.ups.internaluser.InternalUserServiceImpl -::::- Sent audit for user admin
2022-01-29 03:54:32,593 INFO [admin-http-pool27][] cpm.admin.infra.action.LoginActionResultHandler -::::- Redirected to: /admin/login.jsp?mid=server_maintenance
2022-01-29 03:54:32,593 INFO [admin-http-pool27][] cpm.admin.infra.spring.ISEAdminControllerUtils -::::- Empty or null forwardStr for: https://IP PAN /admin/LoginAction.do
2022-01-29 03:54:32,942 INFO [admin-http-pool98][] cpm.admin.infra.action.AdminAuthenticationAction -::::- In AdminAuthenticationAction.loadIdentityStores method called
01-29-2022 01:59 AM
Details - you posted - you see in the browser while accessing ISE GUI :
Try Command level and check below :
>show application status ise ( what is the application server status ?)
> Application stop ise ( this will stop the ISE application)
>Application start ise safe ( start with safe)
>show application status ise ( what is the application server status ?) - if that started
check the GUI access
01-29-2022 03:42 AM
Restarting ISE application as suggested might fix the issue. If not, I would try to reload the node, and if that doesn't help I would go with ISE applications factory reset via the command "application reset-config ise". Also, I would check that the latest patch is applied to the node which I believe it is patch 6.
01-29-2022 04:02 AM
- Beside other replies before and after restart (if problems persist) , also have a look at : show logging system ade/ADE.log
M.
01-29-2022 09:42 PM
Hi Marce
All services are running in show app sta ise. I tried to access with internal user and AD user but we can not access.
Maybe we are hitting to bug CSCvb64350.
Do you have any idea?
REgard, Ivan
01-30-2022 03:59 PM
CSCvb64350 is a doc bug and the admin guide has been updated in Cisco Identity Services Engine / Install and Upgrade Guides / Cisco Identity Services Engine Administrator Guide, Release 2.1 / Setup Cisco ISE Management Access / Chapter: Manage Administrators and Admin Access Policies /Create an Admin Group
...
Step 3 Check the corresponding check box to specify the Type of administrator group you are configuring:
Internal: Administrators assigned to this group type authenticate against the credentials that are stored in the Cisco ISE internal database.
External: Administrators assigned to this group authenticate against the credentials stored in the external identity store that you select in the Administration > System > Admin Access > Authentication > Authentication Method window. You can specify the external groups, if required.
Note If an internal user is configured with an external identity store for authentication, while logging in to the ISE Admin portal, the internal user must select the external identity store as the Identity Source. Authentication will fail if Internal Identity Source is selected.
...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide