Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
86
Views
0
Helpful
1
Replies

DNAC - ISE integration - "certificate received from Cisco ISE is not."

Jayashanker warrier
Level 1
Level 1

‎08-17-2024 07:23 AM

DNAC - Version 2.3.5.6, ISE 3.2

When integrating getting the following error "Failed to connect to Cisco ISE node - certificate received from Cisco ISE is not known to Cisco DNA Center, please try to re-integrate(edit settings and reenter password) Cisco ISE" ... 

Tried re-generating certificate but the same issue... The below logs are from "magctl service logs -r -f network-design-service"

2024-08-17 13:58:13,724 | INFO | SimpleAsyncTaskExecutor-1 | | c.c.a.c.s.h.IseDiagnosticDataMessageHandler | Found 1 PRIMARY nodes. Sending system health notifications to maglev for these 2 nodes |
2024-08-17 13:58:13,726 | INFO | SimpleAsyncTaskExecutor-1 | | c.c.a.c.s.h.IseDiagnosticDataMessageHandler | MaglevEvent : ID: SYSTEM_EXTERNAL_ISE_AAA_TRUST, Name: ISE AAA Trust Establishment, Namespace: SystemRawEvent, Domain: Integrations, Subdomain: ISE, Type: SYSTEM, Category: ERROR, Context: TRUST, Description: ISE AAA Trust Establishment : Primary : Failed to connect to Cisco ISE node - certificate received from Cisco ISE is not known to Cisco DNA Center, please try to re-integrate(edit settings and reenter password) Cisco ISE., InstanceId: 25617ed9-15ac-49c6-aad4-69b0eb6d6105, Source: AAA Trust Establishment, TenantId: 66bc8e19fdd5215f02b769be, Version: 1.0.0, Severity: 1, TimeStamp: 1723903093724, Payload: {"event_payload":{"hostName":"##################","fqdnModified":false,"role":"PRIMARY","creationTime":"2024-08-17 13:58 PM UTC","diagnosticReport":[{"connectionStatus":"FAILURE","title":"Failed to connect to Cisco ISE node - certificate received from Cisco ISE is not known to Cisco DNA Center, please try to re-integrate(edit settings and reenter password) Cisco ISE."}],"aaaInstanceUuid":"1d298b90-a3f9-41f8-a55d-b0e077ab8457","ipAddress":"192.168.1.2","trustState":"UNTRUSTED","ciscoIseInstanceUuid":"0380c050-e804-4ba2-95d2-4ad866c22443","state":"INACTIVE","connectionType":"TRUST"},"system_event":{"event":"Failed","tags":"ISE_AAA","event_instance_id":{"hostname":"********************","ip":"192.168.1.2"}}} |
2024-08-17 13:58:13,727 | INFO | SimpleAsyncTaskExecutor-1 | | c.cisco.maglev.sdk.events.Publisher | published event with routingKey m.maglevevents to exchange e.maglevevents |
2024-08-17 13:58:13,730 | INFO | SimpleAsyncTaskExecutor-1 | | c.c.a.c.s.h.IseDiagnosticDataMessageHandler | Processing system health notification for DELETED nodes

0 Helpful
1 Reply 1

marce1000
VIP
VIP

‎08-17-2024 08:14 AM

 

  - Have a look at https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-3-7/install_guide/2ndgen/b_cisco_dna_center_install_guide_2_3_7_2ndGen/m_complete_first_time_setup_2_3_7_2ndgen.html#task_ikj_pg3_sfb
                           There are a number of topics mentioned , related to certificates , check them out

   + You may find this thread informative : https://www.reddit.com/r/networking/comments/qeopgy/its_me_again_the_ise_n00b_need_some_big_brain/

   M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful
Customers Also Viewed These Support Documents