07-07-2016 09:43 AM
Have a two node deployment running 2.1. M&T is active on the secondary node. Primary node does not populate the dashlets on the home page and when clicking on Context Visibility the page gives an Internal Server Error. On the secondary node all is working OK and I have access to all context visibility. I've promoted the secondary to primary and rebuilt the original primary but still receive the error. Application Status shows the Indexing Engine process running. However when I stop/start the ISE processes, the Indexing Engine gave a failed to start error. But it still show up as running on a subsequent status check. Both ISE nodes have primary and reverse names loaded in DNS.
I've rebuilt, reset and rebooted. How can I troubleshoot this further?
application start ise
Starting ISE Monitoring & Troubleshooting Session Database...
Starting ISE Profiler Database...
Starting ISE pxGrid processes...
Starting ISE Application Server...
Starting ISE Indexing Engine...
ISE Indexing Engine did not start
Starting ISE Certificate Authority Service...
Starting ISE EST Service...
Starting ISE Sxp Engine Service...
Starting ISE Monitoring & Troubleshooting Log Processor...
Starting ISE Monitoring & Troubleshooting Log Collector...
Starting ISE AD Connector...
Note: ISE Processes are initializing. Use 'show application status ise'
CLI to verify all processes are in running state.
ISE PROCESS NAME | STATE | PROCESS ID |
--------------------------------------------------------------------
Database Listener | running | 1722 |
Database Server | running | 65 PROCESSES |
Application Server | running | 3360 |
Profiler Database | running | 22123 |
ISE Indexing Engine | running | 28967 |
AD Connector | running | 7101 |
M&T Session Database | running | 28548 |
M&T Log Collector | running | 30750 |
M&T Log Processor | running | 30663 |
Certificate Authority Service | running | 32006 |
EST Service | running | 2899 |
SXP Engine Service | running | 3970 |
Thanks.
07-07-2016 10:22 AM
… configured reverse DNS lookup? Other than that, you can check the logs files vcs.log and ise-psc.log on the Primary node and profiler.log on the Policy node for any errors.
Since you already fixed the DNS records, please check the other items.
07-21-2016 05:49 AM
I have a 9-node ISE deployment (2 x Admin, 2 x M&T, 5 x PSN) with exactly the same issue.
The deployment was upgraded 1.2->1.4->-2.1. Working fine until the 1.4 PAN was moved over at the end of the upgrade process. Promoting the Secondary Admin Node to Primary does not fix the problem.
Looks like this is a bug...
-Chris
07-21-2016 07:36 AM
There are a couple of bugs open on this area. Please open a TAC case if not already done. Thanks.
07-25-2016 02:59 AM
Hi all...
Any news on that issue? I am experiencing the same issue!
When opening the Context Visibility > Endpoints I am getting "Internal Server Error".
Currently I am unable to add Internal Endpoints for MAB...
Have you already got a solution from TAC?
Thanks and BR!
07-25-2016 03:03 AM
Not yet - we do have a TAC case open.
07-28-2016 07:13 AM
Hello
What is the the case number ?
Regards
Michal
07-29-2016 09:08 PM
Configuring DNS reverse lookup for ISE nodes works for me. I have similar error after we upgrade to 2.1 and do the failover. This is base on bug ID CSCva01828.
08-08-2016 04:27 AM
Ok, this workaround is working for me...
Failover to secondary ISE "enables" the Endpoints menu again...
08-08-2016 04:56 AM
We have been advised to Generate admin persona certificates for all ISE nodes in the deployment with their IP as a SAN field:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva56322/?reffering_site=dumpcr
08-12-2019 07:23 AM
we are also facing same issue version 2.3 patch 6 . Did you enabled that settings ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide