Re: Dashlets not display data under ISE 3.0.0.458

Desmond Lee · ‎02-01-2022

Hi, under my ISE homepage some dashlets are displaying data but some are not.

Data Displayed

1. Alarms

2. System Summary

3. Endpoints

4. Endpoints Categories

5. Identity Group

Not Displaying any Data (Please refer to attached screenshots)

1. Authentications

2. Network Devices

3. Devices Type

4. Location

ISE version is 3.0.0.458, Browser is Microsoft Edge 92.0.902.67 and Chrome 92.0.4514.159.

The NAS (network devices) Cisco Switches Catalyst 9200,9300, etc had been authenticated successfully via Radius using the AD account, so I assume about items should have displayed some data ? Or did I missed out some configurations somewhere at ISE or the NAS or some services at the CLI should be running ?

Thanks,

Desmond

Aref Alsouqi · ‎02-01-2022

Do you see the normal RADIUS live logs getting generated properly? as you seem to have the Queue Link Error events generated, I would check if the ISE Messaging Settings is turned on, if so, I would turn it off. This new feature seems to be buggy, and I had seen a few issues on different deployments where I had to turn it off to get the loggings and the dashboard stats to work.

Desmond Lee · ‎02-01-2022

Hi Aref Alsouqi, yes Radius logs looks ok. ISE Messaging I do need to verify again, let me update again.

Beside these 2, could it be other issues ?

Thanks,

Desmond

Desmond Lee · ‎02-15-2022

Hi Aref, I have checked the ISE Messaging Settings is turned off. I do not some Queue Link Errors (attached) but do not quite understand what is it.

For 2,3 and 4, could it be somehow related to SNMP configuration at the switches, I need to point it to ISE ? Then at ISE I configure the SNMP under the device settings page.

1. Authentications

2. Network Devices

3. Devices Type

4. Location

Aref Alsouqi · ‎02-02-2022

Hi Desmond, to be honest I'm not sure, but based on my experience with a few deployments I had to turn off that messaging feature to get back to business. A couple of times that was also TAC suggestion.

If you want to dig deeper into this, try to check what the Queue Link error are complaining about, if you see them complaining about the unknown root CA, then you would need to regenerate the ISE root CA certs which will be propagated to all the nodes in the deployment. You would also want to regenerate the ISE messaging services cers. If you see the Queue Link error complaining about a connection refusal then you might want to check if there is any firewall in between and allow port 8671/tcp. Either way and based on my experience, the dashboard widgets would be affected if the messaging services are not running properly, which seems to be the case on your build as you have those Queue Link error alerts. Alternatively, I would work with TAC on this.

Desmond Lee · ‎02-02-2022

Hi Aref, thanks very much for the details, I will look into it deeper.

Mike.Cifelli · ‎02-15-2022

I had the same issue with ISE 3.0p5. I also saw it in 2.7p3.

Queue Link Bug:
---------
The workaround is:
1.- Regenerate ISE Root CA
2.- Regenerate ISE Messaging service Certificate.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr40715

After performing the workaround I no longer had the queue link issue. HTH.

Desmond Lee · ‎02-15-2022

Hi Mike, noted but would that solve the dashboard issue ?

Thanks

Mike.Cifelli · ‎02-16-2022

For the dashboard issue I am not 100% sure. Your best bet there on that one is to work with TAC.

Desmond Lee · ‎02-20-2022

Sure, no problem thanks Mike.