ISE 3.0 Patch 4 - PxGrid Broken

Louis Gonzales
Level 1

Anyone else having issues with pxGrid not working on ISE 3.0 Patch 4 in a distributed deployment? All of my integrations between ISE and our WSA, FMC and Stealthwatch are broken. Even running the Health Monitor Test for pxGrid fails with the log output below. I have a TAC case open but just wondering if anyone else has pxGrid issues with 3.0.

15-Dec-2021 20:40:04 [INFO] ************** pxGrid Session Directory Test ***************
15-Dec-2021 20:40:04 [INFO] ----------------- Starting Connection Test -----------------
15-Dec-2021 20:40:04 [INFO] pxGrid Node: [PAN Node Name Removed]
15-Dec-2021 20:40:04 [ERROR] Test set up failed due to internal error. Exception: {}
javax.net.ssl.SSLProtocolException: The size of the handshake message (34086) exceeds the maximum allowed size (32768)
at sun.security.ssl.SSLSocketInputRecord.decodeInputRecord(SSLSocketInputRecord.java:309)
at sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:190)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:109)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1383)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1291)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:435)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1340)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1315)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:264)
at com.cisco.cpm.pxgrid.connection.TestSessionDirectoryHelper.sendRequest(TestSessionDirectoryHelper.java:114)
at com.cisco.cpm.pxgrid.connection.TestSessionDirectoryHelper.serviceLookup(TestSessionDirectoryHelper.java:62)
at com.cisco.cpm.pxgrid.connection.TestSessionDirectory.testConnection(TestSessionDirectory.java:153)
at com.cisco.cpm.pxgrid.connection.TestSessionDirectory.runTest(TestSessionDirectory.java:118)
at com.cisco.cpm.pxgrid.connection.TestSessionDirectory.main(TestSessionDirectory.java:95)
15-Dec-2021 20:40:04 [INFO] ------------------ Connection Test FAILED ------------------
15-Dec-2021 20:40:04 [INFO] ********** pxGrid Session Directory Test Complete **********
1 Accepted Solution

hslai
Cisco Employee

Yes, we have seen some customer deployments with lots of stale certificates in the database. Please ask TAC to clean them up or escalate to our BE teams as needed.
