Strange Device Admin issue in a new 2 node deployment.
Only 1 of the nodes will service TACACS requests.
Tested on both IOS and NX-OS and if they try to send TACACS requests to the 'secondary' node they fail and are not recorded in any ISE logs.
If I remove the Device Admin role from the secondary node and re-add it, TACACS starts working on this node but stops responding on the primary node.
If I then remove Device Admin from primary node and re-add, it starts working again on primary node but stops working on secondary.
2 x 3615 Appliances running ISE 2.7 Patch 2
Both nodes are configured with Admin, Monitoring, Policy Service (including Device Admin) and PXGrid
Using Smart Licensing, has 2 Device Admin licenses in portal (and shown correctly as 'in use')
I'd be grateful if anyone has seen this or something similar before and has any advice. I would go straight to TAC but there is an issue with the purchased support package being correctly registered and I'm waitying for it to get sorted by the customer / supplying partner
Well this is interesting because we do have many TACACS errors related to Nexus devices being not able to reach ISE/TACACS and not impacting Catalyst devices ... will have a look at that bug conditions !