cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2262
Views
2
Helpful
10
Replies

Cisco ISE Profiler update broken following upgrade to 2.1

gvoden4prez
Level 1
Level 1

Recently upgraded my lab environment from 1.4 to 2.1 and the Profiler feed updates are failing with the below error:

FeedService test connection failed : Feed Service unavailable : ConnectException invoking https://ise.cisco.com:8443/feedserver/feed/serverinfo?ISE_VERSION=2.1.0.474: Network is unreachable **Please ensure that the certificate store on ISE has a valid and enabled entry for either the root certificate or the intermediate certificate for the SSL server certificate chain of Cisco ISE feed server. **Please ensure that Proxy settings are configured if needed to reach Feed Server.

I have all required certificates in my trust store so that's not an issue. Please advise if anyone has seen this issue before.

thanks

10 Replies 10

hslai
Cisco Employee
Cisco Employee

Yes, we've reported it to the team.

Meanwhile, please try the offline-update option.

stayd
Level 1
Level 1

Yes, we have the same issue. It appers 3 days ago, beginning from 29th of October and it is not just after upgrading from one previous version of ise to version 2.1. We operate version 2.1 since beggining of August.

Do you have some answers from TAC team ?

Haven't called TAC yet as I found I was getting responses a lot quicker via this forum.

In this particular issue it seems that ISE doesn't even attempt to go out and fetch the feed updates,

I don't see any logs in my firewall since the upgrade.

hslai
Cisco Employee
Cisco Employee

This service is working at the moment. Please check.

It's working for me now. However the way I got it to work was to promote the standby PAN node to primary. I am going to fail it back to secondary and see if it is still working.

For me now too again. It seems like that.

For me it only started working after I promoted the secondary PAN/MnT to primary. I am going to fail it back now and re-test. The updates are happening on TCP 8443 so you need to have that allowed outbound on your firewall.

gvoden4prez
Level 1
Level 1

So I just failed back to my original PAN node and the profiler feed updates are failing with the original error:

FeedService test connection failed : Feed Service unavailable : ConnectException invoking https://ise.cisco.com:8443/feedserver/feed/serverinfo?ISE_VERSION=2.1.0.474: Network is unreachable **Please ensure that the certificate store on ISE has a valid and enabled entry for either the root certificate or the intermediate certificate for the SSL server certificate chain of Cisco ISE feed server. **Please ensure that Proxy settings are configured if needed to reach Feed Server.

I believe something must have gone wrong on that particular box following the upgrade.

Yours is the first I heard that the ISE profiling feed failed after an upgrade to ISE 2.1. As your secondary PAN did not have this issue, it might be best for you to promote it as the primary PAN and then rebuild this problem box.

gvoden4prez
Level 1
Level 1

Thanks, finally fixed. It was a routing issue with the default gateway on this server:

It was using the below notation which should work fine:

ip route 0.0.0.0 0.0.0.0 gateway 10.86.224.237

however I compared to my other PAN and the default gateway command was set as:

ip default-gateway 10.86.224.237

I changed this on my main server and it's finally updating.