08-17-2024 07:23 AM
DNAC - Version 2.3.5.6, ISE 3.2
When integrating, I am getting the following error: "Failed to connect to Cisco ISE node - certificate received from Cisco ISE is not known to Cisco DNA Center, please try to re-integrate(edit settings and reenter password) Cisco ISE" ...
I tried re-generating the certificate but got the same issue... The logs below are from "magctl service logs -r -f network-design-service"
2024-08-17 13:58:13,724 | INFO | SimpleAsyncTaskExecutor-1 | | c.c.a.c.s.h.IseDiagnosticDataMessageHandler | Found 1 PRIMARY nodes. Sending system health notifications to maglev for these 2 nodes |
2024-08-17 13:58:13,726 | INFO | SimpleAsyncTaskExecutor-1 | | c.c.a.c.s.h.IseDiagnosticDataMessageHandler | MaglevEvent : ID: SYSTEM_EXTERNAL_ISE_AAA_TRUST, Name: ISE AAA Trust Establishment, Namespace: SystemRawEvent, Domain: Integrations, Subdomain: ISE, Type: SYSTEM, Category: ERROR, Context: TRUST, Description: ISE AAA Trust Establishment : Primary : Failed to connect to Cisco ISE node - certificate received from Cisco ISE is not known to Cisco DNA Center, please try to re-integrate(edit settings and reenter password) Cisco ISE., InstanceId: 25617ed9-15ac-49c6-aad4-69b0eb6d6105, Source: AAA Trust Establishment, TenantId: 66bc8e19fdd5215f02b769be, Version: 1.0.0, Severity: 1, TimeStamp: 1723903093724, Payload: {"event_payload":{"hostName":"##################","fqdnModified":false,"role":"PRIMARY","creationTime":"2024-08-17 13:58 PM UTC","diagnosticReport":[{"connectionStatus":"FAILURE","title":"Failed to connect to Cisco ISE node - certificate received from Cisco ISE is not known to Cisco DNA Center, please try to re-integrate(edit settings and reenter password) Cisco ISE."}],"aaaInstanceUuid":"1d298b90-a3f9-41f8-a55d-b0e077ab8457","ipAddress":"192.168.1.2","trustState":"UNTRUSTED","ciscoIseInstanceUuid":"0380c050-e804-4ba2-95d2-4ad866c22443","state":"INACTIVE","connectionType":"TRUST"},"system_event":{"event":"Failed","tags":"ISE_AAA","event_instance_id":{"hostname":"********************","ip":"192.168.1.2"}}} |
2024-08-17 13:58:13,727 | INFO | SimpleAsyncTaskExecutor-1 | | c.cisco.maglev.sdk.events.Publisher | published event with routingKey m.maglevevents to exchange e.maglevevents |
2024-08-17 13:58:13,730 | INFO | SimpleAsyncTaskExecutor-1 | | c.c.a.c.s.h.IseDiagnosticDataMessageHandler | Processing system health notification for DELETED nodes
08-20-2024 09:34 PM
The issue was DNS... DNS was fixed and all went well.
Thanks for all the support.
08-17-2024 08:14 AM
- Have a look at https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-3-7/install_guide/2ndgen/b_cisco_dna_center_install_guide_2_3_7_2ndGen/m_complete_first_time_setup_2_3_7_2ndgen.html#task_ikj_pg3_sfb
There are a number of topics mentioned, related to certificates; check them out.
+ You may find this thread informative: https://www.reddit.com/r/networking/comments/qeopgy/its_me_again_the_ise_n00b_need_some_big_brain/
M.
08-17-2024 10:30 AM
What message do you get when trying to re-integrate from DNAC as this error message suggests? You would usually be prompted to trust the unknown certificate and have no further issues afterwards, unless something other than the certificate has also changed.