
Cisco ISE Queue Link Error

Netmart
Level 3

Hello,

We did receive the following alert:

Queue Link Error: Message=From ISE-Node1 to ISE-Node2-ISE-1.mskcc.org; Cause={tls_alert;{unknown_ca;"tls Client: In State Certify At Ssl_handshake.erl:1887 Generated Client Alert: Fatal - Unknown Ca\n"}

What has been checked so far:

1) Service: Running at both nodes

ISE Messaging Service                  running          20704

2) Port is open at both nodes: show ports

     tcp: 0.0.0.0:15672, 0.0.0.0:8671, 0.0.0.0:8672

3) Cert validity check

Jun 16 2022  - Jun 17 2027

Jun 24 2024 - Jun 25 2029

Version:

Cisco Identity Services Engine
---------------------------------------------
Version      : 3.1.0.518
Build Date   : Mon Aug  9 16:28:55 2021
Install Date : Fri Jun 17 07:29:59 2022

Cisco Identity Services Engine Patch
---------------------------------------------
Version      : 3
Install Date : Fri Jun 17 08:13:40 2022

Any advice is much appreciated.

Mark Elsen
Hall of Fame

 

  - FYI : https://community.cisco.com/t5/security-knowledge-base/ise-queue-link-error/ta-p/4625179

  M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)

The error you are getting is stating "Unknown CA" which requires regenerating ISE root and ISE messaging service certificates as per the link shared by @Mark Elsen. In addition to the above link please check this video at minute 5:41:

ISE Messaging Services and Queue Link Errors

Thank you Aref.

This video worked for me: regenerating ISE root and ISE messaging service certificates fixed the issue.
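
The checks listed in the question (service state, port, validity dates) do not exercise the trust chain, which is what an `unknown_ca` alert reports. As an added example (not part of the thread and not Cisco tooling), the script below uses `openssl` on an admin workstation with constructed throwaway CAs to show a certificate passing the date check while failing verification against a trust store that lacks its issuer; every CA, subject and file name in it is hypothetical.

```shell
# Constructed demo: every CA, subject and file name here is made up.

# chain_ok LEAF CA_FILE: succeeds only if LEAF chains to a CA in CA_FILE
chain_ok() { openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; }

# dates_ok LEAF: succeeds if LEAF has not expired (the validity check from the post)
dates_ok() { openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; }

# make_root DIR NAME: self-signed root CA written to DIR/NAME.pem
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# make_leaf DIR ROOT NAME: certificate NAME issued by ROOT
make_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 30 -out "$1/$3.pem" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_root "$d" issuing-root   # CA that signed the presented certificate
    make_root "$d" trusted-root   # the only CA in the verifying node's trust store
    make_leaf "$d" issuing-root messaging-cert
    dates_ok "$d/messaging-cert.pem" && dates=pass || dates=fail
    chain_ok "$d/messaging-cert.pem" "$d/trusted-root.pem" && peer=pass || peer=fail
    chain_ok "$d/messaging-cert.pem" "$d/issuing-root.pem" && own=pass || own=fail
    rm -rf "$d"
    echo "dates=$dates chain_vs_peer_trust=$peer chain_vs_issuing_root=$own"
}

demo
```

With exported PEM files, `chain_ok` can be pointed at one node's messaging certificate and the other node's trusted CA bundle to confirm the mismatch before and after regenerating the certificates.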