Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1228
Views
1
Helpful
2
Replies

ISE 3.2 and Prime Infrastructure 3.10 integration issue

Go to solution
Arne Bier
VIP
VIP

‎11-12-2023 06:40 PM

Hi

I used to have ISE 3.0p5 and Prime Infrastructure 3.10 integrated.

Since upgrading from ISE 3.0 to 3.2, the integration no longer works. Prime complains that the username and/or password is incorrect. 

Error(s): You must correct the following error(s) before proceeding:

Error:Identity Services Engine with IP address 1.2.3.4 has incorrect password. Please enter a valid password

I also tried the "admin" creds - doesn't work. The error seems to fluctuate between my IP being wrong, or the password or the username and the password. Prime can be really fickle.

I am pointing ISE to one of the MNTs and the username/password is a defined admin account in ISE Admins. I can log into the MNT Web UI using the account. I also added the creds to the MNT's CLI (just in case). And the MNT and Prime are on the same IP subnet (no FW).

It should work ... shouldn't it? I can see my web login and logout using that same account in the ISE Reports > Audit > Administrator Logins but I can't see the supposed attempts from Prime.

Pls don't slam me for still using Prime. It's doing a great job. We also have DNAC but I sometimes use Prime too.

2 people had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎11-12-2023 07:27 PM

@Arne Bier , I did some internal digging and found reference stating the following. The latter bug referenced is current not customer visible.

"ISE defect : https://cdetsng.cisco.com/summary/#/defect/CSCwd93721
As part of this defect, ISE removed the Prime support from ISE 3.1. P8, ISE 3.2 P3 and ISE 3.3.x onwards
Raised a separate defect with ISE CSCwh74135 for supporting the Prime integration."

View solution in original post

2 Replies 2

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎11-12-2023 07:27 PM

@Arne Bier , I did some internal digging and found reference stating the following. The latter bug referenced is current not customer visible.

"ISE defect : https://cdetsng.cisco.com/summary/#/defect/CSCwd93721
As part of this defect, ISE removed the Prime support from ISE 3.1. P8, ISE 3.2 P3 and ISE 3.3.x onwards
Raised a separate defect with ISE CSCwh74135 for supporting the Prime integration."

Go to solution
Arne Bier
VIP
VIP

‎11-12-2023 07:36 PM

thanks @Greg Gibbs - when I lookup CSCwd93721 I can see it relates to a PSIRT - so they must have pre-emptively shut the doors on TCP/443 REST API access to ISE. I'll keep a lookout in the next release notes.

 

0 Helpful
Customers Also Viewed These Support Documents