ISE failover between PSNs not working

Kashish_Patel
Level 2

This has never worked for us. We have two Policy Service Nodes, but when the first goes down, clients are not getting authenticated through the second.

Even when the first comes up, clients still don't get authenticated. The reason for this looks to be the absence of network devices. After a reboot of the first PSN, its network devices list is empty, so we have to import the devices list again. Why is the network device list empty after a reboot of the primary PSN? Is this a known issue?

Tarik Admani
VIP Alumni

Are your two PSNs also Admin and MnT personas as well? I am just curious how you can view the network device entries.

I would recheck the database admin and user passwords; it seems as if replication between these two nodes is not acting properly. Also, did you install any patches?

Thanks,

Sent from Cisco Technical Support iPad App

Venkatesh Attuluri
Cisco Employee

This may be happening due to:

• Out of Sync

• Node is not reachable

• Replication disabled

Shaoqin Li
Level 3

The auth behavior when the primary is down depends on the NAS: whether you configured it correctly for primary death, and whether the NAS detects the situation and starts authenticating against the secondary.

The database should not be gone. Check the PSN connection with the PAN, or open a TAC case.

Sent from Cisco Technical Support iPad App