Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
16657
Views
5
Helpful
12
Replies

error message "EST Service not running" since upgrade to 2.4

Go to solution
John Vierra
Cisco Employee
Cisco Employee

‎04-02-2018 08:08 AM

Ever since I upgrade to 2.4 I'm getting this error message "EST Service not running". If I look in the CLI is says its not running. Any ideas?

2 people had this problem
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to chhess

‎08-27-2018 06:31 AM

Yes, it's the same issue as CSCvj11319.

In John's case, he re-generated the ISE internal CA certificate chain.

View solution in original post

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to kangkungkok

‎09-18-2018 09:46 PM

To fix the EST service not running following an upgrade just follow these screenshots.  I suggest engaging TAC if you are have problems or need help though. Make sure you weren't using the existing prior to this, if unsure contact TAC. 

 

 

Click on Generate CSR highlighted

generate.JPG

 

Then Select "Root CA" and click replace ISE root CA certificate chain.

iseroot.JPG

View solution in original post

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to anil.kumark

‎04-30-2019 05:25 AM

Open a tac case
More information about getting help under resources http://cs.co/ise-help

View solution in original post

0 Helpful
12 Replies 12

Go to solution
hslai
Cisco Employee
Cisco Employee

‎04-02-2018 08:17 AM

I already responded and suggested to meet and check this out.

0 Helpful

Go to solution
chhess
Cisco Employee
Cisco Employee
In response to hslai

‎08-25-2018 09:49 AM

Hello, i am having this same issue.  I see this is marked as "Solved" but there is not any information on what fixed this issue.  Is this the same bug as CSCvj11319, we upgraded from 2.2. 

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to chhess

‎08-27-2018 06:31 AM

Yes, it's the same issue as CSCvj11319.

In John's case, he re-generated the ISE internal CA certificate chain.

Go to solution
chhess
Cisco Employee
Cisco Employee
In response to hslai

‎09-04-2018 03:51 PM

Thank you for the information!

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to chhess

‎09-04-2018 04:52 PM

for others that may find this, I would do this after the entire deployment has been upgraded, not just the after the PAN completes.
0 Helpful

Go to solution
kangkungkok
Level 1
Level 1
In response to hslai

‎09-18-2018 06:38 PM

hi   hslai

How do I create an ISE internal CA certificate chain?

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to kangkungkok

‎09-18-2018 09:46 PM

To fix the EST service not running following an upgrade just follow these screenshots.  I suggest engaging TAC if you are have problems or need help though. Make sure you weren't using the existing prior to this, if unsure contact TAC. 

 

 

Click on Generate CSR highlighted

generate.JPG

 

Then Select "Root CA" and click replace ISE root CA certificate chain.

iseroot.JPG

0 Helpful

Go to solution
anil.kumark
Level 1
Level 1
In response to Damien Miller

‎04-30-2019 03:59 AM

We tried this workaround in from CSCvj11319 bug but no luck. We are not using internal CA.

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to anil.kumark

‎04-30-2019 05:25 AM

Open a tac case
More information about getting help under resources http://cs.co/ise-help
0 Helpful

Go to solution
csco10979295
Level 1
Level 1
In response to Jason Kunst

‎09-02-2019 12:36 AM

Is there anyway to disable EST services only ?

0 Helpful

Go to solution
m.soleimani
Level 1
Level 1
In response to Damien Miller

‎09-05-2020 10:39 PM

Hi Dear Damien Miller

I have the same problem on one of my PSN and I did your solution but it didn't work for me, any help?

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to m.soleimani

‎09-05-2020 11:06 PM

I would reccomend contacting TAC if the process did not work. I have run in to issues since this thread where a cert db file may need to be cleared out from root. 

 

0 Helpful
Customers Also Viewed These Support Documents