
DNAC - ISE integration - "certificate received from Cisco ISE is not."

DNAC - Version 2.3.5.6, ISE 3.2

When integrating, I am getting the following error: "Failed to connect to Cisco ISE node - certificate received from Cisco ISE is not known to Cisco DNA Center, please try to re-integrate(edit settings and reenter password) Cisco ISE" ...

Tried re-generating the certificate but got the same issue... The logs below are from "magctl service logs -r -f network-design-service"

2024-08-17 13:58:13,724 | INFO | SimpleAsyncTaskExecutor-1 | | c.c.a.c.s.h.IseDiagnosticDataMessageHandler | Found 1 PRIMARY nodes. Sending system health notifications to maglev for these 2 nodes |
2024-08-17 13:58:13,726 | INFO | SimpleAsyncTaskExecutor-1 | | c.c.a.c.s.h.IseDiagnosticDataMessageHandler | MaglevEvent : ID: SYSTEM_EXTERNAL_ISE_AAA_TRUST, Name: ISE AAA Trust Establishment, Namespace: SystemRawEvent, Domain: Integrations, Subdomain: ISE, Type: SYSTEM, Category: ERROR, Context: TRUST, Description: ISE AAA Trust Establishment : Primary : Failed to connect to Cisco ISE node - certificate received from Cisco ISE is not known to Cisco DNA Center, please try to re-integrate(edit settings and reenter password) Cisco ISE., InstanceId: 25617ed9-15ac-49c6-aad4-69b0eb6d6105, Source: AAA Trust Establishment, TenantId: 66bc8e19fdd5215f02b769be, Version: 1.0.0, Severity: 1, TimeStamp: 1723903093724, Payload: {"event_payload":{"hostName":"##################","fqdnModified":false,"role":"PRIMARY","creationTime":"2024-08-17 13:58 PM UTC","diagnosticReport":[{"connectionStatus":"FAILURE","title":"Failed to connect to Cisco ISE node - certificate received from Cisco ISE is not known to Cisco DNA Center, please try to re-integrate(edit settings and reenter password) Cisco ISE."}],"aaaInstanceUuid":"1d298b90-a3f9-41f8-a55d-b0e077ab8457","ipAddress":"192.168.1.2","trustState":"UNTRUSTED","ciscoIseInstanceUuid":"0380c050-e804-4ba2-95d2-4ad866c22443","state":"INACTIVE","connectionType":"TRUST"},"system_event":{"event":"Failed","tags":"ISE_AAA","event_instance_id":{"hostname":"********************","ip":"192.168.1.2"}}} |
2024-08-17 13:58:13,727 | INFO | SimpleAsyncTaskExecutor-1 | | c.cisco.maglev.sdk.events.Publisher | published event with routingKey m.maglevevents to exchange e.maglevevents |
2024-08-17 13:58:13,730 | INFO | SimpleAsyncTaskExecutor-1 | | c.c.a.c.s.h.IseDiagnosticDataMessageHandler | Processing system health notification for DELETED nodes
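
Added example, not part of the original post and not Cisco code: a small parser that pulls the ISE trust state out of log lines shaped like the ones above, so the node, `trustState` and failure reason can be read without scanning the raw event. The function name `ise_trust_events` is hypothetical, the sample lines are constructed (shortened from the post), and the field names are taken from the log as quoted.

```python
import json

# Constructed sample, shortened from the log lines quoted in the post above.
SAMPLE_LOG = """\
2024-08-17 13:58:13,724 | INFO | SimpleAsyncTaskExecutor-1 | | c.c.a.c.s.h.IseDiagnosticDataMessageHandler | Found 1 PRIMARY nodes. |
2024-08-17 13:58:13,726 | INFO | SimpleAsyncTaskExecutor-1 | | c.c.a.c.s.h.IseDiagnosticDataMessageHandler | MaglevEvent : ID: SYSTEM_EXTERNAL_ISE_AAA_TRUST, Name: ISE AAA Trust Establishment, Category: ERROR, Severity: 1, Payload: {"event_payload":{"role":"PRIMARY","diagnosticReport":[{"connectionStatus":"FAILURE","title":"certificate received from Cisco ISE is not known to Cisco DNA Center"}],"ipAddress":"192.168.1.2","trustState":"UNTRUSTED","state":"INACTIVE"},"system_event":{"event":"Failed"}} |
2024-08-17 13:58:13,727 | INFO | SimpleAsyncTaskExecutor-1 | | c.cisco.maglev.sdk.events.Publisher | published event with routingKey m.maglevevents to exchange e.maglevevents |
"""

EVENT_ID = "SYSTEM_EXTERNAL_ISE_AAA_TRUST"
PAYLOAD_MARK = "Payload: "
_DECODER = json.JSONDecoder()


def ise_trust_events(log_text):
    """Yield a summary dict for each ISE AAA trust event in the log text."""
    for line in log_text.splitlines():
        if f"ID: {EVENT_ID}" not in line:
            continue
        mark = line.find(PAYLOAD_MARK)
        if mark == -1:
            continue
        try:
            # raw_decode stops at the end of the JSON object, so the
            # trailing " |" column separator does not need trimming.
            payload, _ = _DECODER.raw_decode(line, mark + len(PAYLOAD_MARK))
        except json.JSONDecodeError:
            continue  # line was truncated or wrapped by the terminal
        node = payload.get("event_payload", {})
        yield {
            "timestamp": line.split(" | ", 1)[0],
            "role": node.get("role"),
            "ip": node.get("ipAddress"),
            "trust_state": node.get("trustState"),
            "state": node.get("state"),
            "failures": [r.get("title") for r in node.get("diagnosticReport", [])
                         if r.get("connectionStatus") == "FAILURE"],
        }


if __name__ == "__main__":
    for event in ise_trust_events(SAMPLE_LOG):
        print(event)
```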


marce1000
VIP

 

  - Have a look at https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-3-7/install_guide/2ndgen/b_cisco_dna_center_install_guide_2_3_7_2ndGen/m_complete_first_time_setup_2_3_7_2ndgen.html#task_ikj_pg3_sfb
    There are a number of topics mentioned, related to certificates, check them out

  + You may find this thread informative: https://www.reddit.com/r/networking/comments/qeopgy/its_me_again_the_ise_n00b_need_some_big_brain/

   M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Torbjørn
Spotlight

What message do you get when trying to re-integrate from DNAC as this error message suggests? You would usually be prompted to trust the unknown certificate and have no further issues afterwards, unless something other than the certificate has also changed.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev