cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1123
Views
40
Helpful
22
Replies
Highlighted
Beginner

ISE 3.0 - No Access to UI after fresh install

Hello,

after an fresh install of the new ISE Version 3.0 I have no access to the GUI. 

I can access to the ISE over ssh and the "show application status ise" says the application server is running, but the access to the Web-GUI from a directly connectet Network don't work. 

Any ideas?

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

My ISE 3.0.0.458 VM shows both :::80 and :::443 tcp ports tied to docker-proxy processes. I haven't seen this issue in any of the ISE 3.0 beta or release versions, and it sounds like no one else here has seen this either. It sounds like something on the docker container side may not have installed correctly.

If you haven't already done so, I would try deleting your VM and rebuilding from scratch (or deploying from the OVA). If you have already tried that, I would suggest opening a case with TAC.

View solution in original post

22 REPLIES 22
Highlighted
VIP Mentor

ISE generally take long time to get GUI access, since it need to run many service up and running, how much time you waited after ?

 

can you post show application status ise - full output ?

 

BB
*** Rate All Helpful Responses ***
Highlighted
Beginner

sh application status ise

ISE PROCESS NAME STATE PROCESS ID
--------------------------------------------------------------------
Database Listener running 20792
Database Server running 84 PROCESSES
Application Server running 7142
Profiler Database running 4425
ISE Indexing Engine running 10442
AD Connector running 13614
M&T Session Database running 4231
M&T Log Processor running 7333
Certificate Authority Service running 13266
EST Service running 23348
SXP Engine Service disabled
Docker Daemon running 22230
TC-NAC Service disabled
pxGrid Infrastructure Service disabled
pxGrid Publisher Subscriber Service disabled
pxGrid Connection Manager disabled
pxGrid Controller disabled
PassiveID WMI Service disabled
PassiveID Syslog Service disabled
PassiveID API Service disabled
PassiveID Agent Service disabled
PassiveID Endpoint Service disabled
PassiveID SPAN Service disabled
DHCP Server (dhcpd) disabled
DNS Server (named) disabled
ISE Messaging Service running 330
ISE API Gateway Database Service running 3130
ISE API Gateway Service not running
Segmentation Policy Service disabled
REST Auth Service disabled
SSE Connector disabled

 

Highlighted

ISE takes a good 10-15 minutes to startup.

You now have a PID for the Application Server process so all should be fine:

Application Server running 7142

Use show application status ise in the future to check as @balaji.bandi said.

If for some reason takes much longer you may try application stop ise followed by application start ise then show application status ise to wait for the PID then login.

Highlighted

The uptime ist 6:44h and I have twice stop/start the application.

When I use the command "show ports" there is no entry vor HTTP/HTTPS - see attached file

 

In my functional ISE Version 2.6 I see the following entries for HTTP/HTTPS:

 

process : jsvc.exec (19914)
tcp: 10.10.30.74:8997, 0.0.0.0:9061, 10.10.30.74:8998, 10.10.20.74:8999, 0.0.0.0:8905, 0.0.0.0:8009, 0.0.0.0:5514, 0.0.0.0:9002, 10.10.20.74:8555, 0.0.0.0:1099, 0.0.0.0:23021, 0.0.0.0:2030, 0.0.0.0:8910, 10.10.20.74:8943, 10.10.30.74:8943, 0.0.0.0:80, 169.254.0.228:49, 169.254.2.1:49, 10.10.30.74:49, 10.10.20.74:49, 169.254.0.228:50, 169.254.2.1:50, 10.10.30.74:5
0, 10.10.20.74:50, 0.0.0.0:2035, 169.254.0.228:51, 169.254.2.1:51, 10.10.30.74:51, 10.10.20.74:51, 169.254.0.228:52, 169.254.2.1:52, 10.10.30.74:52, 10.10.20.74:52, 10.10.20.74:8599, 10.10.20.74:7800, 127.0.0.1:8888, 0.0.0.0:9080, 10.10.20.74:8443, 10.10.30.74:8443, 0.0.0.0:443, 10.10.20.74:8444, 10.10.30.74:8444, 0.0.0.0:9085, 10.10.20.74:8447, 10.10.20.74:8448, 10.10.20.74:8449, 10.10.20.74:12001, 0.0.0.0:9090, 127.0.0.1:2020, 0.0.0.0:9060

 

 

Highlighted

 

 - How do you define 'no access to the GUI' - do  you get a http/https timeout or something else ?

 M.

Highlighted

The browser says: ERR_CONNECTION_REFUSED

 

Highlighted

 

 - Reboot the ISE server and carefully follow up and or scrutinize the startup process on the console, watch for errors if any.

 M.

Highlighted

Hi,

there are no errors. I have save the putty output to the attached file.

J.

Highlighted

 

 - Exactly which platform are you using 3.0 on ? If virtual environment, include full (hypervisor) versions and environment, if appliance  then include model (fully-named and expanded) ?

 M.

Highlighted

I'm using VMWare ESXi 6.0.0. Details see attached files.

Highlighted

 

 Ref : https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/release_notes/b_ise_30_rn.html#id_64711

                       Take note of this requirement and or check if it applies to your case :

 >...

 Memory allocation of less than 16 GB is not supported for VM appliance configurations. In the event of a Cisco ISE behavior issue, all the users will be required to change the allocated memory to at least 16 GB before opening a case with the Cisco Technical Assistance Center.

>...

 

 M.

Highlighted

I have reserved 16GB RAM for the VM

Highlighted

 

 - Check performance-stats for the particular vm with the hypervisor monitoring tools. Make sure the vm gets sufficient resources (CPU, mem,.....). 

 M.

Highlighted

have you tried as below :

 

https://<IP address or host name>/admin/  

 

telnet from your PC to ISE IP addresss 443, what to get ?

 

here is post installation task :

 

https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/install_guide/b_ise_InstallationGuide30/b_ise_InstallationGuide30_chapter_5.html

BB
*** Rate All Helpful Responses ***