cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
947
Views
5
Helpful
4
Replies

ISE Alarm : Warning : No Authentications in the last 15 minutes

desmobrains
Beginner
Beginner

Hello,

We are preparing at the moment to upgrade from ISE version 2.6 to 3.1.

A couple of days ago we patched version 2.6 with patch 10, as it is required, before we move on and upgrade to 3.1.

 

Patching was completed successfully, but since then we are getting below alert:

 

Alarm Name :

ISE Authentication Inactivity

Details :No Authentications in the last 15 minutes

Description : The ISE Policy Service nodes are not receiving Authentication requests from the Network Devices

Severity :Warning

Suggested Actions :

Check the ISE/NAD configuration, check the network connectivity of the ISE/NAD infrastructure.

*** This message is generated by Cisco Identity Services Engine (ISE) ***

 

I am looking to find that alert to disabled it, but I can't.

Before patching we didn't get such an alert though.

Any ideas are welcomed.

 

Thank you.

1 Accepted Solution

Accepted Solutions

Damien Miller
VIP Advisor VIP Advisor
VIP Advisor

I wouldn't suggest disabling this alert, it is indicative of a problem in most cases, it means either logs are not being recieved/processed from one or more of your PSNs, or logging has stopped completely. Are you also seeing queue link alarms being generated? 

The most common cause after a patch install for this is the enabling of the ISE messaging service. You can check if it's enabled here;
https://<ise admin IP>/admin/#administration/administration_system/administration_system_logging/local_log

ims.JPG

If this is enabled, you can disable it and see if the alarms stop. If the alarms stop you can regenerate the ISE Root CA cert, then the ISE messaging service certificate. These two cert replacements typically fix the most common cause of this issue. I definitely recommend a TAC case to fix this if you're not comfortable doing this operation or it doesn't resolve the issue. 

View solution in original post

4 Replies 4

tjezer
Beginner
Beginner
Hi desmobrains!

Hope everything is well with you.

You can disable it on:
Administration / System / Settings / Alarm Settings: ISE Authentication
Inactivity. Set Status to "Disable".

Regards!

Damien Miller
VIP Advisor VIP Advisor
VIP Advisor

I wouldn't suggest disabling this alert, it is indicative of a problem in most cases, it means either logs are not being recieved/processed from one or more of your PSNs, or logging has stopped completely. Are you also seeing queue link alarms being generated? 

The most common cause after a patch install for this is the enabling of the ISE messaging service. You can check if it's enabled here;
https://<ise admin IP>/admin/#administration/administration_system/administration_system_logging/local_log

ims.JPG

If this is enabled, you can disable it and see if the alarms stop. If the alarms stop you can regenerate the ISE Root CA cert, then the ISE messaging service certificate. These two cert replacements typically fix the most common cause of this issue. I definitely recommend a TAC case to fix this if you're not comfortable doing this operation or it doesn't resolve the issue. 

I 100% concur with @Damien Miller and this exact same thing happened to a customer of mine yesterday after we upgraded from 2.6 to 2.7 and applied latest patch. ISE was processing a ton of requests but the Alarm told the exact opposite. And then of course those cursed Queue-Link errors! I regenerated the internal CA because the customer (luckily) doesn't use it and all was well afterwards. 

 

Thank you Damien, that one did the job.

 

Cheers,

Panos

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers