cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10175
Views
2
Helpful
5
Replies

ISE 2.1 - AD Connector "not running" after upgrade from v2.0.1

bakurenko
Level 1
Level 1

AD Connector state is "not running" after upgrade from ISE 2.0.1 to ISE 2.1. ISE deployment is STANDALONE.

ise/admin# sh application status ise

ISE PROCESS NAME                       STATE            PROCESS ID

--------------------------------------------------------------------

...

AD Connector                           not running

...

PassiveID Service                      not running

...

Join test show:

Status: Join Operation Failed: AD Connector is not available

Error Description: AD Connector Is Not Available

Support Details...

Error Name: ERROR_FILE_NOT_FOUND

Error Code: 2

Detailed Log:

Any ideas?

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

If you have ISE internal CA and/or other services enabled, please make sure ISE has at least 8-GB RAM. If that does not resolve the issue, please check the debug log ad_agent.log.

View solution in original post

5 Replies 5

hslai
Cisco Employee
Cisco Employee

If you have ISE internal CA and/or other services enabled, please make sure ISE has at least 8-GB RAM. If that does not resolve the issue, please check the debug log ad_agent.log.

is there any way to bring up AD Connector manually?

If memory is the issue, manually start is not going to help.

AD advanced tuning has a button to restart AD connector.

Screen Shot 2017-02-15 at 8.41.10 PM.png

larsrugaard
Level 1
Level 1

I had the same issue when applying patch ise-patchbundle-2.2.0.470-Patch2-214160.SPA.x86_64.tar.gz to a version 2.2.470 - after that the AD Connector was in "Not running" state and the ISE was waiting for "Waiting up to 300 seconds for lock: APP_START to complete"


Server has 16 Gb RAM, 4 Cores


(Should mention I aldo changed NTP-Servers just before this incident)


This lock was NEVER removed - and thus the ISE stuck in this state. Even after restart of the ISE it was still stuck with the "APP_START" hindering any further maintenance ... and no AD Communication.


I tried a lot of things - another upgrade, removing the patch etc. - including "application reset-config ise" - to no avail - APP_START was still in the way.


Last resort was to ask my VMWare hosting company to do a reimaging of the thing ... but since this particular one was in China, it was potentially a very long wait!


But last thing to try, was to change the role on the ISE from "STANDALONE" to "PRIMARY" - and after that - and after a very long wait were finished (while the ISE did it magics behind the scene!) - the AD Connector was up and running again ...


I then choose to do a "reset-config" anyway, apply the latest 2.3 upgrade - and it was back in business again




Thanks for the info.

CSCvf17703 has been logged to provide more debug info why the app start not completing.