Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1725
Views
0
Helpful
3
Replies

ISE MAR cache lost on restart of server

Go to solution
dan.letkeman
Level 4
Level 4

‎01-22-2018 11:53 AM - edited ‎02-21-2020 10:43 AM

Hello, 

 

I have found that when you restart the ISE server the MAR cache is lost.  Is there a way to keep this cache in tact when restarting the services / server?

 

People that leave their machine on over the weekend when we do the service on the system lose connection due to the fact that the policy will not allow the users back in because the machine authentication cache is lost.  The only solution is to reboot the workstation/laptop

 

Dan.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dan.letkeman
Level 4
Level 4
In response to Rob Ingram

‎01-23-2018 09:53 AM

If you read the details in the documentation, the MAR cache is only saved if you manually shutdown the services.  When installing a patch the server is rebooted automatically which in turn deletes the MAR cache.

 

I have put in a feature request as this should be saved during a patch of the server.

 

Dan.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎01-22-2018 12:15 PM

What version of ISE are you running?

 

In ISE 2.3 it looks like - ISE reads the MAR cache entries from the file on its local disk based on the cache entry time to live when the Cisco ISE application services get restarted. When the application services of a Cisco ISE instance come up after a restart, Cisco ISE compares the current time of that instance with the MAR cache entry time. If the difference between the current time and the MAR entry time is greater than the MAR cache entry time to live, then Cisco ISE does not retrieve that entry from disk. Otherwise, Cisco ISE retrieves that MAR cache entry and updates its MAR cache entry time to live.   

 

0 Helpful

Go to solution
dan.letkeman
Level 4
Level 4
In response to Rob Ingram

‎01-22-2018 12:39 PM

I'm running 2.2 patch 5 and it looks like it is supposed to have that feature as well.

 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_01101.html#id_18879

 

However, it seems that when you install a patch on the server it does not save these too a file.  It appears that a patch constitutes an "accidental" restart of the server and not a "manual" shutdown of the services.

 

I guess I will open a tac case.

 

Dan.

0 Helpful

Go to solution
dan.letkeman
Level 4
Level 4
In response to Rob Ingram

‎01-23-2018 09:53 AM

If you read the details in the documentation, the MAR cache is only saved if you manually shutdown the services.  When installing a patch the server is rebooted automatically which in turn deletes the MAR cache.

 

I have put in a feature request as this should be saved during a patch of the server.

 

Dan.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents