cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3508
Views
0
Helpful
16
Replies

ISE 1.1.1 High CPU usage

martyn.rees
Level 4
Level 4

Has anyone had any problems with high CPU usage when ISE is under very minimal load, especially in the middle of the night?

At the moment there are max 10 wireless clients connected at any one time, but none overnight, yet the CPU sits around 90% all of the time.

The ISE in question is a VM, and has 4GB RAM, and 2 CPU's allocated. It is a stand alone system, and is only being used for wireless auth.

I haven't been able to find much in the way of being able to track which process is consuming CPU time, so it's hard to know exactly what is the cause, and where to look to resolve.

16 Replies 16

Tarik Admani
VIP Alumni
VIP Alumni

Do you have the automatic updates configured for the client provisioning setting? Try disabling the automatic updates:

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_client_prov.html#wpxref43943

Thanks,

Tarik Admani
*Please rate helpful posts*

Automatic updates for the client provisioning is disabled, as is posture updates.

Do you have all the probes turned on? Can you disable any unused probes if they are enabled. I can try looking at a support bundle for you or you can have tac do this.

Thanks,

Tarik Admani

There are only three probes enabled at the moment, RADIUS, NMAP, and DNS.

I am curious to see if the nmap probe is causing this issue, can you see if disabling this will bring the cpu utilization down? If it does or doesnt I would suggest opening a tac case, they should be able to look into your virtual machine a little deeper.

Thanks,

Tarik Admani
*Please rate helpful posts*

gschmitt.ngit
Level 1
Level 1

Have you installed patch 2? One of the reasons for the issue of this patch was to address this issue and data base replication.

Cheers

Yep Patch 2 has been applied, but didn't have any effect on the issue. Also as I mentioned in the original post this is a stand alone system, so there wouldn't be any replication to other members.

Tarik Admani
VIP Alumni
VIP Alumni

Is this a virtual machine if so is this local or san storage?

Sent from Cisco Technical Support Android App

Yes it is a VM, and it is running on SAN storage, as the VM host is a blade server.

Tarik Admani
VIP Alumni
VIP Alumni

Blade storage is that iscsi? Was it originally provisioned for 60gb and the remaining provisioned after?

Sent from Cisco Technical Support Android App

It is a fibre channel SAN connectivity, and was provisioned from the start with 400GB storage.

cheers

Tarik Admani
VIP Alumni
VIP Alumni

Your best bet is to open a tac case to have them take a look. Also you might want to try to rebuild the virtual machine from scratch and monitor again.

Thanks.

Sent from Cisco Technical Support Android App

Yep have got a TAC case under way, but it is slow to work through. At the moment it looks like the profiler service is the cause, but it is yet to be confirmed.

cheers

Martyn, if you get a resolution please let us know. I'm having a similar issue. thanks!