cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2298
Views
10
Helpful
5
Replies

ISE Alarm : Warning : No Authentications in the last 15 minutes

desmobrains
Level 1
Level 1

Hello,

We are preparing at the moment to upgrade from ISE version 2.6 to 3.1.

A couple of days ago we patched version 2.6 with patch 10, as it is required, before we move on and upgrade to 3.1.

 

Patching was completed successfully, but since then we are getting below alert:

 

Alarm Name :

ISE Authentication Inactivity

Details :No Authentications in the last 15 minutes

Description : The ISE Policy Service nodes are not receiving Authentication requests from the Network Devices

Severity :Warning

Suggested Actions :

Check the ISE/NAD configuration, check the network connectivity of the ISE/NAD infrastructure.

*** This message is generated by Cisco Identity Services Engine (ISE) ***

 

I am looking to find that alert to disabled it, but I can't.

Before patching we didn't get such an alert though.

Any ideas are welcomed.

 

Thank you.

1 Accepted Solution

Accepted Solutions

Damien Miller
VIP Alumni
VIP Alumni

I wouldn't suggest disabling this alert, it is indicative of a problem in most cases, it means either logs are not being recieved/processed from one or more of your PSNs, or logging has stopped completely. Are you also seeing queue link alarms being generated? 

The most common cause after a patch install for this is the enabling of the ISE messaging service. You can check if it's enabled here;
https://<ise admin IP>/admin/#administration/administration_system/administration_system_logging/local_log

ims.JPG

If this is enabled, you can disable it and see if the alarms stop. If the alarms stop you can regenerate the ISE Root CA cert, then the ISE messaging service certificate. These two cert replacements typically fix the most common cause of this issue. I definitely recommend a TAC case to fix this if you're not comfortable doing this operation or it doesn't resolve the issue. 

View solution in original post

5 Replies 5

tjezer
Level 1
Level 1
Hi desmobrains!

Hope everything is well with you.

You can disable it on:
Administration / System / Settings / Alarm Settings: ISE Authentication
Inactivity. Set Status to "Disable".

Regards!

Damien Miller
VIP Alumni
VIP Alumni

I wouldn't suggest disabling this alert, it is indicative of a problem in most cases, it means either logs are not being recieved/processed from one or more of your PSNs, or logging has stopped completely. Are you also seeing queue link alarms being generated? 

The most common cause after a patch install for this is the enabling of the ISE messaging service. You can check if it's enabled here;
https://<ise admin IP>/admin/#administration/administration_system/administration_system_logging/local_log

ims.JPG

If this is enabled, you can disable it and see if the alarms stop. If the alarms stop you can regenerate the ISE Root CA cert, then the ISE messaging service certificate. These two cert replacements typically fix the most common cause of this issue. I definitely recommend a TAC case to fix this if you're not comfortable doing this operation or it doesn't resolve the issue. 

I 100% concur with @Damien Miller and this exact same thing happened to a customer of mine yesterday after we upgraded from 2.6 to 2.7 and applied latest patch. ISE was processing a ton of requests but the Alarm told the exact opposite. And then of course those cursed Queue-Link errors! I regenerated the internal CA because the customer (luckily) doesn't use it and all was well afterwards. 

 

Thank you Damien, that one did the job.

 

Cheers,

Panos

ianwatts
Level 1
Level 1

Use case varies.  My office is hybrid at best, so most of the time there certainly are no authentications being made in 15 minutes.. nobody is even there.  In my case, there just wasn't enough authentication traffic to keep it chatty for this threshold.. so even increasing the interval would not prove helpful in my case.