cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1584
Views
0
Helpful
1
Replies
Highlighted
Rising star

ISE_CONNECTION_RESULT_FAIL_HOST_REJECTS_BULKDOWNLOAD_HOSTNAME_QUERY

Hi All,

I'm facing an issue when trying to register FMC with ISE. " ISE_CONNECTION_RESULT_FAIL_HOST_REJECTS_BULKDOWNLOAD_HOSTNAME_QUERY" below is the error log

 

Primary host:
test: ISE connection.
Preparing ISE Connection objects...
Connecting to ISE server...
Beginning to connect to ISE server...
Captured Jabberwerx log:2019-11-11T13:10:28 [ INFO]: _reconnection_thread starts
Captured Jabberwerx log:2019-11-11T13:10:28 [ INFO]: pxgrid connection init done successfully
Captured Jabberwerx log:2019-11-11T13:10:28 [ INFO]: testing connecting to host XX.XX.XX.XX timeout=3 ...
Captured Jabberwerx log:2019-11-11T13:10:28 [ INFO]: testing connection to host OK XX.XX.XX.XX:Will use ip=XX.XX.XX.XX
Captured Jabberwerx log:2019-11-11T13:10:28 [ INFO]: connecting to host XX.XX.XX.XX ...
Captured Jabberwerx log:2019-11-11T13:10:28 [ INFO]: stream opened
Starting SSL Handshake, SSL state:before/connect initialization
Completed SSL Handshake, SSL state: SSL negotiation finished successfully
Captured Jabberwerx log:2019-11-11T13:10:28 [ INFO]: EXTERNAL authentication complete
Captured Jabberwerx log:2019-11-11T13:10:28 [ INFO]: authenticated successfully (sasl mechanism: EXTERNAL)
Captured Jabberwerx log:2019-11-11T13:10:28 [ INFO]: pxgrid_connection_connect: Connected. host=XX.XX.XX.XX
Captured Jabberwerx log:2019-11-11T13:10:29 [ INFO]: Controller version: 2.0.0.18
Captured Jabberwerx log:2019-11-11T13:10:29 [ INFO]: Account approved
Captured Jabberwerx log:2019-11-11T13:10:29 [ INFO]: CoreCapability successfully subscribed
Captured Jabberwerx log:2019-11-11T13:10:29 [ INFO]: _on_connect called
ISEConnection queries find the following capability states: [sessionDirectory: 1, endpointProfileMetaData: 1, securityGroupTagMetaData: 1, EPS: 1, ANC: 1]
Preparing subscription objects...
Subscribing to EndpointProfileMetaDataCapability.
Captured Jabberwerx log:2019-11-11T13:10:29 [ INFO]: EndpointProfileMetaDataCapability successfully subscribed
Subscribing to SecurityGroupTagMetaDataCapability.
Captured Jabberwerx log:2019-11-11T13:10:29 [ INFO]: TrustSecMetaDataCapability successfully subscribed
Subscribing to SessionDirectoryCapability.
Captured Jabberwerx log:2019-11-11T13:10:29 [ INFO]: SessionDirectoryCapability successfully subscribed
Subscribing to EndpointProtectionServiceCapability.
Captured Jabberwerx log:2019-11-11T13:10:30 [ INFO]: EndpointProtectionServiceCapability successfully subscribed
Subscribing to AdaptiveNetworkControlCapability.
Captured Jabberwerx log:2019-11-11T13:10:30 [ INFO]: AdaptiveNetworkControlCapability successfully subscribed
Done preparing subscription objects.
pxgrid_connection_query failed Capability not found request {http://www.cisco.com/pxgrid/identity}getSessionDirectoryHostnamesRequest
Failed to query SessionDirectory capability for bulk download hostnames.
ISE Server rejects bulk download hostname query.
...failed to connect to ISE server, with error:ISE_CONNECTION_RESULT_FAIL_HOST_REJECTS_BULKDOWNLOAD_HOSTNAME_QUERY. Shutting down ISEConnection.
Unknown failure connecting to ISE server.
connectionHealthPollingThread starting.
connectionHealthPollingThread interrupted.
connectionHealthPollingThread ending.
disconnecting pxgrid
Captured Jabberwerx log:2019-11-11T13:10:30 [ INFO]: stream closed; err_dom=(null)
2019-11-11T13:10:30 [ INFO]: destroying client ...
Captured Jabberwerx log:2019-11-11T13:10:30 [ INFO]: _on_disconnect called
Captured Jabberwerx log:2019-11-11T13:10:30 [ INFO]: Event loop exit. status=1
Captured Jabberwerx log:2019-11-11T13:10:30 [ INFO]: pxgrid_connection_disconnect completes
Captured Jabberwerx log:2019-11-11T13:10:30 [ INFO]: _reconnection_thread exits
Captured Jabberwerx log:2019-11-11T13:10:30 [ INFO]: pxgrid_connection_disconnect completes


Secondary host:
test: ISE connection.
Preparing ISE Connection objects...
Connecting to ISE server...
Beginning to connect to ISE server...
Captured Jabberwerx log:2019-11-11T13:10:30 [ INFO]: _reconnection_thread starts
Captured Jabberwerx log:2019-11-11T13:10:30 [ INFO]: pxgrid connection init done successfully
Captured Jabberwerx log:2019-11-11T13:10:30 [ INFO]: testing connecting to host YY.YY.YY.YY timeout=3 ...
Captured Jabberwerx log:2019-11-11T13:10:30 [ ERROR]: socket host=YY.YY.YY.YY:ip=YY.YY.YY.YY:port=5222 NOT connected: Connection refused
Captured Jabberwerx log:2019-11-11T13:10:30 [ INFO]: _on_disconnect called
Captured Jabberwerx log:2019-11-11T13:10:30 [ ERROR]: _reconnection_thread error Remote connection Failed, Host/IP Address is not correct or pxgrid Server is not reachable
...failed to connect to ISE server, with error:ISE_CONNECTION_RESULT_FAIL_CANNOT_CONNECT_HOST. Shutting down ISEConnection.
Unable to connect to ISE server at host: 'YY.YY.YY.YY'.
Unable to connect to ISE server at host: 'YY.YY.YY.YY'.
connectionHealthPollingThread starting.
connectionHealthPollingThread interrupted.
connectionHealthPollingThread ending.
disconnecting pxgrid
Captured Jabberwerx log:2019-11-11T13:10:30 [ INFO]: _reconnection_thread exits
Captured Jabberwerx log:2019-11-11T13:10:30 [ INFO]: pxgrid_connection_disconnect completes

 

ISE is on version 2.3 Patch 7 & FMC is on 6.2.3.14

 think am not suppose to hit this CSCvo75376 as this is already resolved in 2.3 patch 7.  Time on both the appliances are properly synced and verified.

 

from the logs " pxgrid_connection_query failed Capability not found " did i need to enable anything from ISE side...???

 

Regards,

Abheesh

 

 

1 REPLY 1
Highlighted
Cisco Employee

Setting up pxGrid in ISE 2.2 and newer is pretty straight forward as we use the internal certificate authority to sign pxGrid client certificates. Most issues we see when integrating other products via pxGrid are the result of certificate error. If you're confident that is not the issue, please open a TAC case to troubleshoot further.

Regards,
-Tim
Content for Community-Ad