Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4550
Views
0
Helpful
3
Replies

Cisco ISE Nodes Synchronization Problem.

Andrew Mathu
Level 1
Level 1

‎01-31-2019 04:50 AM

Hello,

 

We have an ISE deployment running ISE version 2.3. We recently deployed ISE patch five to the setup. Afterwards, only the Primary admin node became connected. Under Administration > Deployment, the rest of the nodes show "Not in Sync" with an orange warning next to them

 

.A manual snyc using Syncup does not resolve the issue as the nodes go to the state "In Progress" and this can last up to three hours, after which they revert back to the "Not in Sync" error.

 

The nodes are: Primary Admin, Secondary Admin, PSN1, PSN2 and a pXGrid node. Only the primary admin node shows the "Green" connected icon. When we check the status of the patch 5 on the individual nodes using "show version" in CLI it indicates it has the patch. The ISE admin node under Administration > Maintenance > Patch management shows all the nodes received the patch when we select it and display " Show Node Status".

 

We have checked the network connectivity and all is okay. All nodes can reach each other and there is no latency/jitter. DNS  is resolvable from all nodes by using nslookup. There is also no firewall in between to block communications.

 

When we removed patch five from one of the PSN nodes and reverted back to patch 4, there was still no change and the error "In progress" persisted.

 

What could be the issue?

1 person had this problem
0 Helpful
3 Replies 3

Sheraz.Salim
VIP
VIP

‎01-31-2019 05:23 AM

check all the node NTP is syn to NTP server.

please do not forget to rate.
0 Helpful

SunilRana4599
Level 1
Level 1
In response to Sheraz.Salim

‎06-30-2019 07:48 AM

Yeah, Make sure both are synchronized with NTP, and if you still have issues then Deregister and add it back.

0 Helpful

00ulx9ygk0pTDALTS5d6
Level 1
Level 1

‎05-04-2021 03:54 AM

I have also face same issues version 2.3. ISE nodes not sync expect Primary PAN Node show green. NTP,DNS are fine. Please suggest.

 

0 Helpful
Customers Also Viewed These Support Documents