Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5362
Views
4
Helpful
11
Replies

Enable profiling Service in ISE

Sandeep Choudhary
VIP Alumni
VIP Alumni

‎09-02-2013 04:32 AM - edited ‎03-10-2019 08:50 PM

Hello All,

Can anyone tell me, how to nable "Enable profiling service " on both of the ISEs.

Right now this option is highlighted and I can not check the box.

Any help will be appreciated

Regards

Labels:
0 Helpful
11 Replies 11

Anas Naqvi
Level 1
Level 1

‎09-02-2013 06:21 AM

Hello Sandeep,

To enable the profiling service in Cisco ISE, you must install an advanced license package on top of the base license. You can utilize all of the session services, including the Network Access, Guest, Posture, Client Provisioning, Profiling Service, and Security Group Access (SGA) depending on your configuration on the nodes.

Cisco ISE allows you to configure the profiling service to run on multiple nodes that assume the Policy Service persona in a distributed Cisco ISE deployment. You can also configure the profiling service on a single node in a standalone Cisco ISE deployment.

With a Base license installed, you cannot profile endpoints on your network. You can only manage endpoints including import and the static assignment of endpoints by using the Endpoints page, and view endpoints on the Endpoint Identity Groups page

Kindly also check the following link,

http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_prof_pol.html

0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to Anas Naqvi

‎09-02-2013 06:33 AM

Hi,

I have advance licence but still I coundnt see the profiling config page  on both of my ISE servers.

Here is the screenshot:

Enable profiling tab is highlighted

REgards

0 Helpful

George Stefanick
VIP Alumni
VIP Alumni
In response to Sandeep Choudhary

‎09-02-2013 08:18 AM

Can you post a pix of your license page ?

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to George Stefanick

‎09-03-2013 03:08 AM - edited ‎09-12-2019 05:23 AM

Hi George,

 

I have one more error.

I have setup 2 ise, secondary ise is getting eroor:

here is the screenshot of the error:screenshot is in german but i will translate it.

 

Translation:

 

This connection is untrusted

 

           Firefox they have instructed to establish a secure connection to citsnw14.grammer.com, but it can not be checked whether the connection is secure.

           If you normally build up a secure connection to the Web site has a trusted identification to ensure that you visit the right website. The identification of this site, however, can not be confirmed.

 

           What should I do?

 

             If you have any problems with this website usually, this error could mean that someone fakes the website. You should not proceed in the case.

 

Leave this site

 

Technical details

 

         TES14.xyz.com uses an invalid security certificate.

 

The certificate is not trusted because the issuer certificate is not trusted.

 

(Error code: sec_error_untrusted_issuer)

 

 

TES14 is primary ise and TES15 is secondary.

 

I think its a problem of certificae but i am not fully aware about how these certifcate works.

 

 

any help is appreciated.

 

Regards

0 Helpful

Philip Vilhelmsson
Level 1
Level 1
In response to Sandeep Choudhary

‎09-03-2013 06:54 AM

Hi,

The first screenshot shows that your evaluation of advanced license has expired (0 day). If you buy/install advanced license you will be able to configure profiling.

Regards,

Philip

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to Philip Vilhelmsson

‎09-04-2013 10:59 PM - edited ‎09-12-2019 05:24 AM

Hi Philip,

we have Cisco Identity Services Engine 1000 EndPoint Base License.But id o not need to enable profiling services now.

 

 

Can you pleasee my last question related to HTTP:

I have one more error.

I have setup 2 ise, secondary ise is getting eroor:

here is the screenshot of the error:screenshot is in german but i will translate it.

 

Translation:

 

This connection is untrusted

 

            Firefox they have instructed to establish a secure connection to  citsnw14.grammer.com, but it can not be checked whether the connection  is secure.

           If you normally build up a secure connection  to the Web site has a trusted identification to ensure that you visit  the right website. The identification of this site, however, can not be  confirmed.

 

           What should I do?

 

              If you have any problems with this website usually, this error could  mean that someone fakes the website. You should not proceed in the case.

 

Leave this site

 

Technical details

 

         TES14.XYZ.com uses an invalid security certificate.

 

The certificate is not trusted because the issuer certificate is not trusted.

 

(Error code: sec_error_untrusted_issuer)

 

 

TES14 is primary ise and TES15 is secondary.

 

I think its a problem of certificae but i am not fully aware about how these certifcate works.

 

 

any help is appreciated.

 

Regards

 

 

Regards

Sandeep

0 Helpful

Saurav Lodh
Level 7
Level 7
In response to Sandeep Choudhary

‎09-04-2013 11:09 PM

Hello Sandeep,

For profiling service , you need to have advance  license. Moreover, if you are facing certificate error, please follow  step by step method of managing certificates from the attached doc.

Preview file
3843 KB
0 Helpful

Ravi Singh
Level 7
Level 7
In response to Sandeep Choudhary

‎09-19-2013 03:48 PM

There is certificate error in your ISE. You have to configure Certificate server to solve the issue. Please check the below link for the same

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_cert.html

0 Helpful

muhammk2
Level 1
Level 1

‎09-04-2013 11:43 AM

Hello,

Can you confirm whether you were using evolution version? If yes then  as per Phillip, advance license needs to be bought as the services will  work not work after  the expiration date of evolution license is  passed.

Regards,

Muhammad Khan

0 Helpful

blenka
Level 3
Level 3

‎09-04-2013 02:23 PM

Please go through the link below for the steps to enable profiling.

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_ug.pdf

0 Helpful

Muhammad Munir
Level 5
Level 5

‎09-11-2013 10:35 PM

Hi

Depending  on your deployment type and the license you have installed, the  profiling service of Cisco ISE can run on a single node or on multiple  nodes. You need to install either the base license to take advantage of  the basic services or the advanced license to take advantage of all the  services of Cisco ISE.

From  the Administration menu, you can choose Deployment to manage the Cisco  ISE deployment on a single node or multiple nodes. You can use the  Deployment Nodes page to configure the profiling service for your Cisco  ISE deployment.

If you have the Policy Service persona disabled, or if enabled but the Enable Profiling Services option  is not selected, then the Cisco ISE administrator user interface does  not display the Profiling Configuration tab. If you have the Policy  Service persona disabled on any Cisco ISE node, Cisco ISE displays only  the General Settings tab. It does not display the Profiling  Configuration tab that prevents you from configuring the probes on the  node. The profiling service only runs on Cisco ISE nodes that assume the  Policy Service persona and does not run on Cisco ISE nodes that assume  the Administration and Monitoring personas in a distributed deployment.

For step by step configuration please go through this link: (page no. 510).

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_ug.pdf

0 Helpful
Customers Also Viewed These Support Documents