Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2236
Views
5
Helpful
8
Replies

ISE alarms : no authentications in last 15 mins

Go to solution
umeshunited
Level 1
Level 1

‎12-08-2018 09:01 AM

Recently started getting auto mail from ISE messages. Using ISE VM version 2.4.0.357

We are having two node deployment. Getting mails from only one node. 

Even though authentications requests are coming to second ISE box.

 

Alarm Name :

ISE Authentication Inactivity

 

Details :

No Authentications in the last 15 minutes

 

Description :

The ISE Policy Service nodes are not receiving Authentication requests from the Network Devices

 

Severity :

Warning

 

Suggested Actions :

Check the ISE/NAD configuration, check the network connectivity of the ISE/NAD infrastructure.

 

*** This message is generated by Cisco Identity Services Engine (ISE) ***

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎12-08-2018 10:40 AM

We also get these on one of our 2.4 deployments for no explainable reason and with no pattern.  With an average of ~150k active endpoints at any given point throughout the day, It's just not possible that there is a 15 minute period with no radius authentications.  

In theory this should be a critical alarm/scenario for most deployments I've worked on.  It would mean that either the collector has backed up on the MNT or something far more catastrophic like simultaneously losing all the load balancers for 15+ minutes. 

There were a few bugs related to the collector and syslogs in 2.4 p1/p2/p3 that could cause this alarm, but those have been addressed.  Are you on 2.4 patch 4 or patch 5, and how often are you seeing this alarm? 

View solution in original post

8 Replies 8

Go to solution
Nadav
Level 7
Level 7

‎12-08-2018 09:47 AM

I recall emails only being sent from the MnT persona, is that the one node sending the emails?

0 Helpful

Go to solution
umeshunited
Level 1
Level 1
In response to Nadav

‎12-08-2018 11:30 AM

Yes, Mnt (Prim) is sending emails. 

0 Helpful

Go to solution
umeshunited
Level 1
Level 1
In response to Nadav

‎12-08-2018 11:30 AM

Yes, Mnt (Prim) is sending emails. 

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎12-08-2018 10:40 AM

We also get these on one of our 2.4 deployments for no explainable reason and with no pattern.  With an average of ~150k active endpoints at any given point throughout the day, It's just not possible that there is a 15 minute period with no radius authentications.  

In theory this should be a critical alarm/scenario for most deployments I've worked on.  It would mean that either the collector has backed up on the MNT or something far more catastrophic like simultaneously losing all the load balancers for 15+ minutes. 

There were a few bugs related to the collector and syslogs in 2.4 p1/p2/p3 that could cause this alarm, but those have been addressed.  Are you on 2.4 patch 4 or patch 5, and how often are you seeing this alarm? 

Go to solution
umeshunited
Level 1
Level 1
In response to Damien Miller

‎12-08-2018 11:32 AM

They started few hours back  only. Email is being triggered by Mnt (Prim) every 15 mins. Still getting mails.

We have not applied any patch to 2.4 

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to umeshunited

‎12-08-2018 11:37 AM

You should likely have the latest patch as there are many changes since 2.4 came out
0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎12-08-2018 11:30 AM

Do you have any sort of vm snapshots or back ups going on at that time
0 Helpful

Go to solution
umeshunited
Level 1
Level 1
In response to Jason Kunst

‎12-08-2018 11:46 AM

No backups/ vm snapshot  was scheduled when it started.

0 Helpful
Customers Also Viewed These Support Documents