cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16030
Views
55
Helpful
27
Replies

ISE 3.0 - No Access to UI after fresh install

mountainbkus
Level 1
Level 1

Hello,

after an fresh install of the new ISE Version 3.0 I have no access to the GUI. 

I can access to the ISE over ssh and the "show application status ise" says the application server is running, but the access to the Web-GUI from a directly connectet Network don't work. 

Any ideas?

 

27 Replies 27

telnet lab-ka-ise302 443
Trying 10.10.20.232...
telnet: Unable to connect to remote host: Connection refused

 

 

 

Screenshot from 2020-09-28 14-35-50.png

 

 

 

 

hslai
Cisco Employee
Cisco Employee

Try with the safe keyword to eliminate IP restriction. See application start

app start ise safe

see attached file, no GUI available

My ISE 3.0.0.458 VM shows both :::80 and :::443 tcp ports tied to docker-proxy processes. I haven't seen this issue in any of the ISE 3.0 beta or release versions, and it sounds like no one else here has seen this either. It sounds like something on the docker container side may not have installed correctly.

If you haven't already done so, I would try deleting your VM and rebuilding from scratch (or deploying from the OVA). If you have already tried that, I would suggest opening a case with TAC.

Hey,

I have installed all installation modes:

From 3.0 ISO-File, import the OVA and upgrade from 2.4 to 3.0

 

ISE API Gateway Service                not running                  

This needs investigated, as it should be running. You may check kong.log and see if it providing any clue. Likely need to engage TAC.

I see the followed entry in the kong.log evrey night at 2AM:

2020-09-30 02:00:02,260 ERROR [DefaultQuartzScheduler_Worker-2][] cpm.infrastructure.kong.metrics.MetricParser -::::- Error occured while executing the command for
com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'Exception': was expecting ('true', 'false' or 'null')
at [Source: (BufferedReader); line: 1, column: 10]
at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1804)
at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:703)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._reportInvalidToken(ReaderBasedJsonParser.java:2853)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddValue(ReaderBasedJsonParser.java:1899)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:757)
at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:4142)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4001)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3050)
at com.cisco.cpm.infrastructure.kong.metrics.MetricParser.parse(MetricParser.java:62)
at com.cisco.cpm.infrastructure.ise.kong.controller.KongMetricsJob.execute(KongMetricsJob.java:37)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)

I agreed with Greg Gibbs that you should engage Cisco TAC on this.

The log entries you showed are about some scheduled job and I do not believe it related to why the service not up. Please tail on this log while restarting ISE services. If that is not giving a good indication to you what might have gone wrong, then TAC is the only way to go.

seggert
Level 1
Level 1

I had this same issue.  It ended up to be lack of hardware virtualization support on vmware ESXI.  The ESXi server I am using for a lab was a bit older and the Xeon processor did not support "VT-x/EPT".  I was able to install and get GUI for ISE 3.0 installed on ESXi with a newer CPU with "VT-x/EPT" support.

 

 

Akin Utku
Level 1
Level 1

I also have the same issue, on ESXI host.  Not sure about the ESXI details and I will check on this but was deployed using the OVA, proper sizing was done.  Just posting for any others that may be experiencing this very frustrating issue.  We have 4 servers across different ESXi hosts and they sporadically work after a full rebuild and then stop.  Cli command "Show Port | i :443" does not show that 443 is being listened to and the "show application status ise" shows everything started.  I've tried resetting both application ise and and the full platform config, rebuilding..  Will post my findings about the ESXI 

We are on ISE version 3.1 patch 1.  This is due to a bug where we have disabled ipv6.  To resolve 

In CLI, configure mode:

ise# ipv6 enable

application stop ise

application start ise

 

show port | i :443
tcp: 0.0.0.0:80, 0.0.0.0:19444, 0.0.0.0:19001, 0.0.0.0:44

 

this misbehavior is tracked under defect CSCwa08018.

 

 

Thanks Akin,

You just saved me a Cisco TAC headache.

Hey @Akin Utku,

You are my hero!!

Today I started to upgrade a distributed deployment from 3.0p3 to 3.1p1 (SDA). The primary PAN appeared to upgrade OK, the Application Server process was running but I couldn't access the GUI. Same symptoms as observed in the original request. Re-enabling IPv6 has resolved the issue!

Thank you, thank you, thank you!!!

Matt.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: