Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2146
Views
0
Helpful
5
Replies

Invalid health check monitoring request received for auto-failover.

Aklilu Belay
Level 1
Level 1

‎03-31-2020 01:00 AM

We have a Cisco ISE 2.1 distributed deployment with 7 Cisco ISE nodes. (Two PAN, Three PSN and two MnT nodes). we are getting the below error on the PAN:
Invalid health check monitoring request received for auto-failover.

 

And on Cisco site here: https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_011000.html

it says the solution is "Please verify if the health check monitoring node is out-of-sync and trigger a manual sync if needed."

But I am not sure which node was configured as the health check node. My question is; is there a way to find which node is configured as a health check monitoring node out of the 7 ISE nodes?

 

Thanks,

0 Helpful
5 Replies 5

marce1000
Hall of Fame
Hall of Fame

‎03-31-2020 01:41 AM

 

 - Probably can be figured out by  having a look at the paragraph below :

   https://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20/b_ise_admin_guide_20_chapter_010.html#task_4B14550A96BF40A0906843411C8A96A6

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Aklilu Belay
Level 1
Level 1
In response to marce1000

‎03-31-2020 04:14 AM

The problem is "Enable PAN Auto Failover" checkbox is disabled. I was hoping there is another way of finding this information.

0 Helpful

Greg Gibbs
Cisco Employee
Cisco Employee
In response to Aklilu Belay

‎03-31-2020 03:10 PM

I would suggest checking Node Status on the Administration > System > Deployment page to see if any of the nodes are out of sync. If none of the nodes are showing out of sync, you might need to manually resync the PSN, MnT, and Secondary PAN nodes one at a time to see if the error goes away.

If you're comfortable looking at looking at debug logs, you might also have a look into the Replication logs for more info.

Please note that ISE 2.1 reached End of Support on 17 March 2020. You should strongly consider upgrading to a version supported by TAC.

0 Helpful

Aklilu Belay
Level 1
Level 1
In response to Greg Gibbs

‎03-31-2020 10:58 PM

I was actually doing a manual sync for all nodes and one of the nodes, which is an MnT node gives the below error after attempting to do a manual sync:
Node not in sync with PAP ,Please do a manual sync

I will attempt to find the logs. If you have any instructions/reference to do that, please let me know.

0 Helpful

Aklilu Belay
Level 1
Level 1
In response to Aklilu Belay

‎04-06-2020 12:45 AM

I downloaded and checked the replication log but couldn't find anything useful. I have attached it here if you want to check. svdcise01 is the primary PAN and svdrise01 is the one that should be secondary PAN>

SVDRISE01.ethiopianairlines.com-replication.log.2020-03-16.1.zip
SVDRISE01.ethiopianairlines.com-replication.log.2020-03-30.1.zip
SVDRISE01.ethiopianairlines.com-replication.log.zip
SVDCISE01.ethiopianairlines.com-replication.log.zip
0 Helpful
Customers Also Viewed These Support Documents