Solved: Re: ISE Alarm : Warning : No Authentications in the last 15 minutes

desmobrains · ‎02-21-2022

Hello,

We are preparing at the moment to upgrade from ISE version 2.6 to 3.1.

A couple of days ago we patched version 2.6 with patch 10, as it is required, before we move on and upgrade to 3.1.

Patching was completed successfully, but since then we are getting below alert:

Alarm Name :

ISE Authentication Inactivity

Details :No Authentications in the last 15 minutes

Description : The ISE Policy Service nodes are not receiving Authentication requests from the Network Devices

Severity :Warning

Suggested Actions :

Check the ISE/NAD configuration, check the network connectivity of the ISE/NAD infrastructure.

*** This message is generated by Cisco Identity Services Engine (ISE) ***

I am looking to find that alert to disabled it, but I can't.

Before patching we didn't get such an alert though.

Any ideas are welcomed.

Thank you.

Damien Miller · ‎02-21-2022

I wouldn't suggest disabling this alert, it is indicative of a problem in most cases, it means either logs are not being recieved/processed from one or more of your PSNs, or logging has stopped completely. Are you also seeing queue link alarms being generated?

The most common cause after a patch install for this is the enabling of the ISE messaging service. You can check if it's enabled here;
https://<ise admin IP>/admin/#administration/administration_system/administration_system_logging/local_log

If this is enabled, you can disable it and see if the alarms stop. If the alarms stop you can regenerate the ISE Root CA cert, then the ISE messaging service certificate. These two cert replacements typically fix the most common cause of this issue. I definitely recommend a TAC case to fix this if you're not comfortable doing this operation or it doesn't resolve the issue.

View solution in original post

tjezer · ‎02-21-2022

Hi desmobrains!

Hope everything is well with you.

You can disable it on:
Administration / System / Settings / Alarm Settings: ISE Authentication
Inactivity. Set Status to "Disable".

Regards!

Damien Miller · ‎02-21-2022

I wouldn't suggest disabling this alert, it is indicative of a problem in most cases, it means either logs are not being recieved/processed from one or more of your PSNs, or logging has stopped completely. Are you also seeing queue link alarms being generated?

The most common cause after a patch install for this is the enabling of the ISE messaging service. You can check if it's enabled here;
https://<ise admin IP>/admin/#administration/administration_system/administration_system_logging/local_log

If this is enabled, you can disable it and see if the alarms stop. If the alarms stop you can regenerate the ISE Root CA cert, then the ISE messaging service certificate. These two cert replacements typically fix the most common cause of this issue. I definitely recommend a TAC case to fix this if you're not comfortable doing this operation or it doesn't resolve the issue.

Arne Bier · ‎02-21-2022

I 100% concur with @Damien Miller and this exact same thing happened to a customer of mine yesterday after we upgraded from 2.6 to 2.7 and applied latest patch. ISE was processing a ton of requests but the Alarm told the exact opposite. And then of course those cursed Queue-Link errors! I regenerated the internal CA because the customer (luckily) doesn't use it and all was well afterwards.

desmobrains · ‎02-23-2022

Thank you Damien, that one did the job.

Cheers,

Panos

ianwatts · ‎12-05-2022

Use case varies. My office is hybrid at best, so most of the time there certainly are no authentications being made in 15 minutes.. nobody is even there. In my case, there just wasn't enough authentication traffic to keep it chatty for this threshold.. so even increasing the interval would not prove helpful in my case.