09-25-2020 07:01 AM
Hello,
after an fresh install of the new ISE Version 3.0 I have no access to the GUI.
I can access to the ISE over ssh and the "show application status ise" says the application server is running, but the access to the Web-GUI from a directly connectet Network don't work.
Any ideas?
Solved! Go to Solution.
09-29-2020 04:44 PM
My ISE 3.0.0.458 VM shows both :::80 and :::443 tcp ports tied to docker-proxy processes. I haven't seen this issue in any of the ISE 3.0 beta or release versions, and it sounds like no one else here has seen this either. It sounds like something on the docker container side may not have installed correctly.
If you haven't already done so, I would try deleting your VM and rebuilding from scratch (or deploying from the OVA). If you have already tried that, I would suggest opening a case with TAC.
09-25-2020 07:03 AM
ISE generally take long time to get GUI access, since it need to run many service up and running, how much time you waited after ?
can you post show application status ise - full output ?
09-25-2020 07:17 AM
sh application status ise
ISE PROCESS NAME STATE PROCESS ID
--------------------------------------------------------------------
Database Listener running 20792
Database Server running 84 PROCESSES
Application Server running 7142
Profiler Database running 4425
ISE Indexing Engine running 10442
AD Connector running 13614
M&T Session Database running 4231
M&T Log Processor running 7333
Certificate Authority Service running 13266
EST Service running 23348
SXP Engine Service disabled
Docker Daemon running 22230
TC-NAC Service disabled
pxGrid Infrastructure Service disabled
pxGrid Publisher Subscriber Service disabled
pxGrid Connection Manager disabled
pxGrid Controller disabled
PassiveID WMI Service disabled
PassiveID Syslog Service disabled
PassiveID API Service disabled
PassiveID Agent Service disabled
PassiveID Endpoint Service disabled
PassiveID SPAN Service disabled
DHCP Server (dhcpd) disabled
DNS Server (named) disabled
ISE Messaging Service running 330
ISE API Gateway Database Service running 3130
ISE API Gateway Service not running
Segmentation Policy Service disabled
REST Auth Service disabled
SSE Connector disabled
09-25-2020 07:47 AM
ISE takes a good 10-15 minutes to startup.
You now have a PID for the Application Server process so all should be fine:
Application Server running 7142
Use show application status ise in the future to check as @balaji.bandi said.
If for some reason takes much longer you may try application stop ise followed by application start ise then show application status ise to wait for the PID then login.
09-25-2020 09:14 AM
The uptime ist 6:44h and I have twice stop/start the application.
When I use the command "show ports" there is no entry vor HTTP/HTTPS - see attached file
In my functional ISE Version 2.6 I see the following entries for HTTP/HTTPS:
process : jsvc.exec (19914)
tcp: 10.10.30.74:8997, 0.0.0.0:9061, 10.10.30.74:8998, 10.10.20.74:8999, 0.0.0.0:8905, 0.0.0.0:8009, 0.0.0.0:5514, 0.0.0.0:9002, 10.10.20.74:8555, 0.0.0.0:1099, 0.0.0.0:23021, 0.0.0.0:2030, 0.0.0.0:8910, 10.10.20.74:8943, 10.10.30.74:8943, 0.0.0.0:80, 169.254.0.228:49, 169.254.2.1:49, 10.10.30.74:49, 10.10.20.74:49, 169.254.0.228:50, 169.254.2.1:50, 10.10.30.74:5
0, 10.10.20.74:50, 0.0.0.0:2035, 169.254.0.228:51, 169.254.2.1:51, 10.10.30.74:51, 10.10.20.74:51, 169.254.0.228:52, 169.254.2.1:52, 10.10.30.74:52, 10.10.20.74:52, 10.10.20.74:8599, 10.10.20.74:7800, 127.0.0.1:8888, 0.0.0.0:9080, 10.10.20.74:8443, 10.10.30.74:8443, 0.0.0.0:443, 10.10.20.74:8444, 10.10.30.74:8444, 0.0.0.0:9085, 10.10.20.74:8447, 10.10.20.74:8448, 10.10.20.74:8449, 10.10.20.74:12001, 0.0.0.0:9090, 127.0.0.1:2020, 0.0.0.0:9060
09-25-2020 10:26 AM
- How do you define 'no access to the GUI' - do you get a http/https timeout or something else ?
M.
09-27-2020 11:45 PM
The browser says: ERR_CONNECTION_REFUSED
09-28-2020 12:38 AM
- Reboot the ISE server and carefully follow up and or scrutinize the startup process on the console, watch for errors if any.
M.
09-28-2020 04:30 AM
09-28-2020 07:32 AM
- Exactly which platform are you using 3.0 on ? If virtual environment, include full (hypervisor) versions and environment, if appliance then include model (fully-named and expanded) ?
M.
09-29-2020 02:07 AM
09-29-2020 03:48 AM
Ref : https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/release_notes/b_ise_30_rn.html#id_64711
Take note of this requirement and or check if it applies to your case :
>...
Memory allocation of less than 16 GB is not supported for VM appliance configurations. In the event of a Cisco ISE behavior issue, all the users will be required to change the allocated memory to at least 16 GB before opening a case with the Cisco Technical Assistance Center.
>...
M.
09-29-2020 07:01 AM
I have reserved 16GB RAM for the VM
09-29-2020 09:21 AM
- Check performance-stats for the particular vm with the hypervisor monitoring tools. Make sure the vm gets sufficient resources (CPU, mem,.....).
M.
09-28-2020 04:58 AM
have you tried as below :
https://<IP address or host name>/admin/
telnet from your PC to ISE IP addresss 443, what to get ?
here is post installation task :
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide