09-25-2020 07:01 AM
Hello,
after an fresh install of the new ISE Version 3.0 I have no access to the GUI.
I can access to the ISE over ssh and the "show application status ise" says the application server is running, but the access to the Web-GUI from a directly connectet Network don't work.
Any ideas?
Solved! Go to Solution.
09-28-2020 05:40 AM
telnet lab-ka-ise302 443
Trying 10.10.20.232...
telnet: Unable to connect to remote host: Connection refused
09-28-2020 10:38 PM
Try with the safe keyword to eliminate IP restriction. See application start
app start ise safe
09-29-2020 12:46 AM
09-29-2020 04:44 PM
My ISE 3.0.0.458 VM shows both :::80 and :::443 tcp ports tied to docker-proxy processes. I haven't seen this issue in any of the ISE 3.0 beta or release versions, and it sounds like no one else here has seen this either. It sounds like something on the docker container side may not have installed correctly.
If you haven't already done so, I would try deleting your VM and rebuilding from scratch (or deploying from the OVA). If you have already tried that, I would suggest opening a case with TAC.
09-29-2020 11:48 PM
Hey,
I have installed all installation modes:
From 3.0 ISO-File, import the OVA and upgrade from 2.4 to 3.0
09-29-2020 10:46 PM - edited 09-30-2020 04:52 PM
ISE API Gateway Service not running
This needs investigated, as it should be running. You may check kong.log and see if it providing any clue. Likely need to engage TAC.
09-29-2020 11:51 PM
I see the followed entry in the kong.log evrey night at 2AM:
2020-09-30 02:00:02,260 ERROR [DefaultQuartzScheduler_Worker-2][] cpm.infrastructure.kong.metrics.MetricParser -::::- Error occured while executing the command for
com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'Exception': was expecting ('true', 'false' or 'null')
at [Source: (BufferedReader); line: 1, column: 10]
at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1804)
at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:703)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._reportInvalidToken(ReaderBasedJsonParser.java:2853)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddValue(ReaderBasedJsonParser.java:1899)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:757)
at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:4142)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4001)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3050)
at com.cisco.cpm.infrastructure.kong.metrics.MetricParser.parse(MetricParser.java:62)
at com.cisco.cpm.infrastructure.ise.kong.controller.KongMetricsJob.execute(KongMetricsJob.java:37)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
09-30-2020 04:52 PM
I agreed with Greg Gibbs that you should engage Cisco TAC on this.
The log entries you showed are about some scheduled job and I do not believe it related to why the service not up. Please tail on this log while restarting ISE services. If that is not giving a good indication to you what might have gone wrong, then TAC is the only way to go.
12-16-2020 01:24 PM
I had this same issue. It ended up to be lack of hardware virtualization support on vmware ESXI. The ESXi server I am using for a lab was a bit older and the Xeon processor did not support "VT-x/EPT". I was able to install and get GUI for ISE 3.0 installed on ESXi with a newer CPU with "VT-x/EPT" support.
03-31-2022 05:34 AM
I also have the same issue, on ESXI host. Not sure about the ESXI details and I will check on this but was deployed using the OVA, proper sizing was done. Just posting for any others that may be experiencing this very frustrating issue. We have 4 servers across different ESXi hosts and they sporadically work after a full rebuild and then stop. Cli command "Show Port | i :443" does not show that 443 is being listened to and the "show application status ise" shows everything started. I've tried resetting both application ise and and the full platform config, rebuilding.. Will post my findings about the ESXI
03-31-2022 07:31 PM
We are on ISE version 3.1 patch 1. This is due to a bug where we have disabled ipv6. To resolve
In CLI, configure mode:
ise# ipv6 enable
application stop ise
application start ise
show port | i :443
tcp: 0.0.0.0:80, 0.0.0.0:19444, 0.0.0.0:19001, 0.0.0.0:44
this misbehavior is tracked under defect CSCwa08018.
04-07-2022 10:19 AM
Thanks Akin,
You just saved me a Cisco TAC headache.
04-21-2022 07:22 AM
Hey @Akin Utku,
You are my hero!!
Today I started to upgrade a distributed deployment from 3.0p3 to 3.1p1 (SDA). The primary PAN appeared to upgrade OK, the Application Server process was running but I couldn't access the GUI. Same symptoms as observed in the original request. Re-enabling IPv6 has resolved the issue!
Thank you, thank you, thank you!!!
Matt.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide