cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7185
Views
1
Helpful
5
Replies

ISE 2.2 No connectivity to pxGrid Node

umahar
Cisco Employee
Cisco Employee

I have a cluster with 1 PAN, 1 M&T and 1 PxGrid.

All nodes are synced and I have issued a pxGrid template certificate to all nodes.

I still see the 'No connectivity to pxGrid Node'.

Am i missing any step ?

1 Accepted Solution

Accepted Solutions

Craig Hyps
Level 10
Level 10

Make sure signing CA cert/chain is present in each nodes trust store.  Try service restart (for example, restart pxGrid node).

View solution in original post

5 Replies 5

Craig Hyps
Level 10
Level 10

Make sure signing CA cert/chain is present in each nodes trust store.  Try service restart (for example, restart pxGrid node).

The same root CA has assigned the admin certificates to all the nodes and they are all joined to the cluster so I guess there is no issue with certificates.

I used the same CA to issue a pxGrid template certificate to the Admin, M&T and pxGrid.

The pxGrid node is stuck in initializing stage after multiple restarts.

I checked the bug https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz50086/?referring_site=bugquickviewredir but I have all IPs allowed in the Admin Access List

Did you get this fixed?  Mine is in same state. 

Fixed it!  It was the Cert issue mentioned.  I just created a self-signed cert for PxGrid.  It was using a cert that was signed by a CA not in the trust store.  

 

I just went with a self-signed cert just for PxGrid and now it came right up.  

Should the same certificate template be used in issuing certs to the admin and monitoring nodes ? assuming that a cert has been issued to the admin and monitoring nodes by same root and intermediate authority, will not issuing pxgrid certificate template cause this issue ?