Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2408
Views
5
Helpful
4
Replies

ISE Alarm : Warning : Configured nameserver is not responsive within timeout period.

ryan14
Level 1
Level 1

‎04-06-2021 06:34 AM

Is there a way to get a debug log or something more verbose than the alarm on what nameserver or what query the ISE node had trouble with? In the GUI, if I go to the alarm, it says no details available and repeats the alarm message.

 

ISE 2.7 patch 3.

0 Helpful
4 Replies 4

Marcelo Morais
VIP
VIP

‎04-06-2021 07:06 AM

Hi,

 at Administration > System > Logging > Debug Log Configuration > select your Node > choose the Component Name and change the Log Level.

debug.png

Hope this helps !!!

ryan14
Level 1
Level 1
In response to Marcelo Morais

‎04-06-2021 08:07 AM

Thanks any idea which component to change?

0 Helpful

101100101
Level 1
Level 1
In response to ryan14

‎04-06-2021 12:45 PM

That won't change anything related to the alarm detail, only the severity it logs as.

 

Curious are any of your name servers actually not responding or are they healthy? If you have a multi-node environment is the alert happening for all nodes? Lastly do you have any AD domains listed as Unuseable? (External Identity Sources -> AD Domain -> Whitelisted Domains -> Show Unuseable Domains)

 

I ask because I am running the same version and patch, and it looks like I am hitting CSCvh02628 even though it should be resolved at this point. TAC is working now on attempting to replicate in the lab and see if its a regression.

0 Helpful

ryan14
Level 1
Level 1
In response to 101100101

‎04-06-2021 01:55 PM

Thats kinda why I wanted to know which log to look at to see which server it is having issues with. I have two ISE nodes in separate DCs and the one reporting the issue is a new server which talks to different DNS servers. But if I go to External Identity Sources and look at the status, they all show green. Unusable domains shows 'domain trust is one way' for one join point, but that is how it was before. I guess I could try changing DNS servers to see if the issue persists. Its random and the event only occurs 1-2 times a day, but for just one node.

0 Helpful
Customers Also Viewed These Support Documents