Re: ISE node registration failed

Wesoley · ‎06-12-2020

Dear community,

I am trying to join a secondary ISE node to primary and is receiving the following error in the application ise-psc.log

2020-06-12 20:25:15,897 WARN [Thread-34][] deployment.client.cert.validator.Ht tpsCertPathValidatorImpl -::::- Error occurred while getting certificates from host: ise-2.xxx.org. java.security.SignatureException: Signature does not match.
2020-06-12 20:25:16,099 WARN [pool-4630-thread-1][] cisco.epm.cert.validator.C RLCache -::::- Unable to download CRL javax.naming.NamingException: [LDAP: errorcode 1 - 000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this op eration a successful bind must be completed on the connection., data 0, v2580 remaining name ''
2020-06-12 20:25:16,099 WARN [Thread-34][] cisco.epm.cert.validator.CRLChecker-::::- Unable to download CRL from ldap

I have imported the ise-2 certificate on ise-1 and vice-versa. I have imported the Root CA on both nodes. The DNS and reverse records are fine. Any help will be appreciated.

poongarg · ‎06-13-2020

Kindly refer below Cisco Live presentation to troubleshoot replication issue on ISE:
https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2018/pdf/BRKSEC-3229.pdf

Anurag Sharma · ‎06-13-2020

Hi @Wesoley ,

What's the ISE version (including patches) installed on those nodes?

Is it a first-time setup or was it running fine earlier?

Check if you are running into https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt36324 by any chance.

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.

Wesoley · ‎06-13-2020

Apologies. I am using ISE 2.6 patch 6. I will check to see if this is the issue. Thank you