11-12-2023 06:40 PM
Hi
I used to have ISE 3.0p5 and Prime Infrastructure 3.10 integrated.
Since upgrading from ISE 3.0 to 3.2, the integration no longer works. Prime complains that the username and/or password is incorrect.
Error(s): You must correct the following error(s) before proceeding:
Error:Identity Services Engine with IP address 1.2.3.4 has incorrect password. Please enter a valid password
I also tried the "admin" creds - doesn't work. The error seems to fluctuate between my IP being wrong, or the password or the username and the password. Prime can be really fickle.
I am pointing ISE to one of the MNTs and the username/password is a defined admin account in ISE Admins. I can log into the MNT Web UI using the account. I also added the creds to the MNT's CLI (just in case). And the MNT and Prime are on the same IP subnet (no FW).
It should work ... shouldn't it? I can see my web login and logout using that same account in the ISE Reports > Audit > Administrator Logins but I can't see the supposed attempts from Prime.
Pls don't slam me for still using Prime. It's doing a great job. We also have DNAC but I sometimes use Prime too.
Solved! Go to Solution.
11-12-2023 07:27 PM
@Arne Bier , I did some internal digging and found reference stating the following. The latter bug referenced is current not customer visible.
"ISE defect : https://cdetsng.cisco.com/summary/#/defect/CSCwd93721
As part of this defect, ISE removed the Prime support from ISE 3.1. P8, ISE 3.2 P3 and ISE 3.3.x onwards
Raised a separate defect with ISE CSCwh74135 for supporting the Prime integration."
11-12-2023 07:27 PM
@Arne Bier , I did some internal digging and found reference stating the following. The latter bug referenced is current not customer visible.
"ISE defect : https://cdetsng.cisco.com/summary/#/defect/CSCwd93721
As part of this defect, ISE removed the Prime support from ISE 3.1. P8, ISE 3.2 P3 and ISE 3.3.x onwards
Raised a separate defect with ISE CSCwh74135 for supporting the Prime integration."
11-12-2023 07:36 PM
thanks @Greg Gibbs - when I lookup CSCwd93721 I can see it relates to a PSIRT - so they must have pre-emptively shut the doors on TCP/443 REST API access to ISE. I'll keep a lookout in the next release notes.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide