cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

519
Views
10
Helpful
7
Replies
dewey89
Beginner

ISE 2.7 UNABLE TO ACCESS CLI or GUI

Hello Cisco Community,  I'm having trouble accessing a new ISE VM that I created and wondered if anyone has a solution for this.

  I've got one ISE VM built out and deployed and was going to create a second one to go into a redundant pair, but I can't log into the SSH or GUI session.

  I have access to the VM through the vCenter 6.7 U3 web console, but I can't access it through the SSH or web GUI.

  When using putty to SSH I get the (Connection Refused) notice.  With the gui it just times out to the (This site can't be reached) message.

  I can ping the new ISE VM from both Distro Routers so I know L3 is there.  What can be the issue?

 

  I thought during the first buildout that I was asked for what IP addresses do I want to access the ISE appliance from, but don't know if that task was done during the setup on the CLI or afterwards when configuring and security hardening of the GUI.

1 ACCEPTED SOLUTION

Accepted Solutions

I found a section that talked about verifying the install and asked to run the (show application status ise) command.  The response was (%Application ise is not installed) well that answers why it wasn't working...

 

  It was odd that I could log into the appliance using the VCSA 6.7 web console.  My question is if this is true why did it not load correctly without giving any errors?

View solution in original post

7 REPLIES 7
Damien Miller
VIP Advisor

The usual culprit for this is VMware, or a backup ultiity performing snapshots or quiescing the VM. The application services within ISE will hang if a snapshot is attempted so it is imperative to prevent them from happening. 

The node will respond to pings, but the web GUI does not load. The only way to recover it is to perform a power reset from vcenter/console. 

Damien,

  I tried that, but no joy....  Because I had just built the VM out I hadn't tried that, but since it's been over 2 hours I did reboot with no success.

 

I found a section that talked about verifying the install and asked to run the (show application status ise) command.  The response was (%Application ise is not installed) well that answers why it wasn't working...

 

  It was odd that I could log into the appliance using the VCSA 6.7 web console.  My question is if this is true why did it not load correctly without giving any errors?

View solution in original post

Tyson Joachims
Rising star

This is going to sound silly but have you verified that you're adding https:// to the front of the IP address of the ISE server?

Do you have anything that would be blocking a website that uses a self-signed certificate? Maybe try a different browser?

During setup, there is a question regarding if you wanted to enable SSH. Do you remember if you said yes or accepted the default of no?

I thought I had enabled SSH, but not sure after all the problems I've been having with the second install.

  I had even deleted all VM files and associated configuration from the the first try before rebuilding.

  I've been looking around the internet for the commands to check if SSH is enabled, but the correct answer is illusive.

One other issue that I had affecting me with the second ISE install, but not the first was the McAfee HBSS.  Had my workstation put in maintenance mode and was able to get further along.

Turns out the install was taking much longer than the first install that allowed me to access the CLI and GUI after about 30 minutes or so.  I ran a final install on Friday afternoon and everything was available on Monday morning.

  I had waiting 1-2 hours on the previous tries and still couldn't access the login types.  In either case I'm past this point, but it sure was different and took longer.

Content for Community-Ad