02-21-2022 04:26 AM
Hello,
We are preparing at the moment to upgrade from ISE version 2.6 to 3.1.
A couple of days ago we patched version 2.6 with patch 10, as it is required, before we move on and upgrade to 3.1.
Patching was completed successfully, but since then we have been getting the alert below:
Alarm Name : ISE Authentication Inactivity
Details : No Authentications in the last 15 minutes
Description : The ISE Policy Service nodes are not receiving Authentication requests from the Network Devices
Severity : Warning
Suggested Actions : Check the ISE/NAD configuration, check the network connectivity of the ISE/NAD infrastructure.
*** This message is generated by Cisco Identity Services Engine (ISE) ***
I am looking for that alert to disable it, but I can't find it.
Before patching we didn't get such an alert, though.
Any ideas are welcome.
Thank you.
02-21-2022 09:05 AM
I wouldn't suggest disabling this alert; it is indicative of a problem in most cases. It means either logs are not being received/processed from one or more of your PSNs, or logging has stopped completely. Are you also seeing queue link alarms being generated?
The most common cause after a patch install for this is the enabling of the ISE messaging service. You can check if it's enabled here:
https://<ise admin IP>/admin/#administration/administration_system/administration_system_logging/local_log
If this is enabled, you can disable it and see if the alarms stop. If the alarms stop you can regenerate the ISE Root CA cert, then the ISE messaging service certificate. These two cert replacements typically fix the most common cause of this issue. I definitely recommend a TAC case to fix this if you're not comfortable doing this operation or it doesn't resolve the issue.
02-21-2022 03:01 PM
I 100% concur with @Damien Miller, and this exact same thing happened to a customer of mine yesterday after we upgraded from 2.6 to 2.7 and applied the latest patch. ISE was processing a ton of requests but the Alarm told the exact opposite. And then of course those cursed Queue-Link errors! I regenerated the internal CA because the customer (luckily) doesn't use it and all was well afterwards.
02-23-2022 02:20 AM
Thank you Damien, that one did the job.
Cheers,
Panos
12-05-2022 02:33 PM
Use case varies. My office is hybrid at best, so most of the time there certainly are no authentications being made in 15 minutes... nobody is even there. In my case, there just wasn't enough authentication traffic to keep it chatty for this threshold, so even increasing the interval would not prove helpful in my case.