02-01-2022 04:07 AM - edited 02-01-2022 04:12 AM
Hi, under my ISE homepage some dashlets are displaying data but some are not.
Data Displayed
1. Alarms
2. System Summary
3. Endpoints
4. Endpoints Categories
5. Identity Group
Not Displaying any Data (Please refer to attached screenshots)
1. Authentications
2. Network Devices
3. Devices Type
4. Location
ISE version is 3.0.0.458, Browser is Microsoft Edge 92.0.902.67 and Chrome 92.0.4514.159.
The NAS (network devices) Cisco Switches Catalyst 9200,9300, etc had been authenticated successfully via Radius using the AD account, so I assume about items should have displayed some data ? Or did I missed out some configurations somewhere at ISE or the NAS or some services at the CLI should be running ?
Thanks,
Desmond
02-01-2022 09:25 AM
Do you see the normal RADIUS live logs getting generated properly? as you seem to have the Queue Link Error events generated, I would check if the ISE Messaging Settings is turned on, if so, I would turn it off. This new feature seems to be buggy, and I had seen a few issues on different deployments where I had to turn it off to get the loggings and the dashboard stats to work.
02-01-2022 08:27 PM
Hi Aref Alsouqi, yes Radius logs looks ok. ISE Messaging I do need to verify again, let me update again.
Beside these 2, could it be other issues ?
Thanks,
Desmond
02-15-2022 07:19 AM
Hi Aref, I have checked the ISE Messaging Settings is turned off. I do not some Queue Link Errors (attached) but do not quite understand what is it.
For 2,3 and 4, could it be somehow related to SNMP configuration at the switches, I need to point it to ISE ? Then at ISE I configure the SNMP under the device settings page.
1. Authentications
2. Network Devices
3. Devices Type
4. Location
02-02-2022 04:32 AM
Hi Desmond, to be honest I'm not sure, but based on my experience with a few deployments I had to turn off that messaging feature to get back to business. A couple of times that was also TAC suggestion.
If you want to dig deeper into this, try to check what the Queue Link error are complaining about, if you see them complaining about the unknown root CA, then you would need to regenerate the ISE root CA certs which will be propagated to all the nodes in the deployment. You would also want to regenerate the ISE messaging services cers. If you see the Queue Link error complaining about a connection refusal then you might want to check if there is any firewall in between and allow port 8671/tcp. Either way and based on my experience, the dashboard widgets would be affected if the messaging services are not running properly, which seems to be the case on your build as you have those Queue Link error alerts. Alternatively, I would work with TAC on this.
02-02-2022 10:23 PM
02-15-2022 07:44 AM
I had the same issue with ISE 3.0p5. I also saw it in 2.7p3.
Queue Link Bug:
---------
The workaround is:
1.- Regenerate ISE Root CA
2.- Regenerate ISE Messaging service Certificate.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr40715
After performing the workaround I no longer had the queue link issue. HTH.
02-15-2022 07:14 PM
02-16-2022 04:11 AM
For the dashboard issue I am not 100% sure. Your best bet there on that one is to work with TAC.
02-20-2022 03:28 AM
Sure, no problem thanks Mike.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide