05-26-2019 02:02 PM - edited 02-21-2020 11:06 AM
Hi Experts,
I have a two-node ISE deployment at my customer site. PassiveID has also been enabled on both nodes. I have around 30 DCs configured for WMI.
Now my question is regarding high availability for PassiveID between these two nodes. As per the notes, I understand that the two nodes work as Active/Passive (one node active and the other one hot standby). When I went to the CLI and tried to find out which one is active, I found that my secondary node seems to be active. I could find some logs from "show logging application passiveid-mgmt.log tail" as below:
"2019-05-27 02:12:21,036 INFO [admin-http-pool769][] cisco.cda.mgmt.rest.ADProbeElectionManager- PassiveID Management Service :: The node 'Secondary.org' was selected as primary."
How does this election happen, and are both nodes fetching WMI events from every DC, or does just the primary node fetch WMI events from every DC and sync with the secondary node?
Thanks in advance,
Milin.
05-30-2019 10:33 AM
05-30-2019 02:24 PM
...How does this election happen, and are both nodes fetching WMI events from every DC, or does just the primary node fetch WMI events from every DC and sync with the secondary node?
...
I believe it would be the first node available to become the primary. Only the primary node acts as the WMI client to fetch the Kerberos events of interest from the configured DCs. The second node is standby and will become active and take over the primary role when the existing primary becomes unavailable.
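An added example, not part of the posts in this thread: a small Python parser that reads exported `passiveid-mgmt.log` text and reports when the elected primary (the node acting as WMI client) changes. It assumes the election message format quoted in the question; every sample line other than that one, including the hostname `Primary.org`, is constructed.

```python
import re
from datetime import datetime

# Election message format as quoted from passiveid-mgmt.log in the question.
ELECTION_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3}\s+INFO\b.*"
    r"ADProbeElectionManager\s*-\s*PassiveID Management Service :: "
    r"The node '(?P<node>[^']+)' was selected as primary"
)

# Constructed sample: line 1 is the line from the question; the others
# (including the hostname Primary.org and the unrelated message) are made up.
_PREFIX = ("INFO [admin-http-pool769][] cisco.cda.mgmt.rest."
           "ADProbeElectionManager- PassiveID Management Service :: ")
SAMPLE_LOG = "\n".join([
    "2019-05-27 02:12:21,036 " + _PREFIX + "The node 'Secondary.org' was selected as primary.",
    "2019-05-27 02:12:25,410 INFO [pool-1][] example.Unrelated- some other message",
    "2019-05-27 03:12:21,101 " + _PREFIX + "The node 'Secondary.org' was selected as primary.",
    "2019-05-28 09:40:02,517 " + _PREFIX + "The node 'Primary.org' was selected as primary.",
])

def election_events(log_text):
    """Return [(datetime, node)] for every election message, in log order."""
    events = []
    for line in log_text.splitlines():
        m = ELECTION_RE.search(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group("node")))
    return events

def primary_changes(log_text):
    """Return [(datetime, previous, new)] only where the elected node differs
    from the previous election, i.e. the active WMI collector moved."""
    changes, current = [], None
    for ts, node in election_events(log_text):
        if node != current:
            changes.append((ts, current, node))
            current = node
    return changes

def current_primary(log_text):
    """Node named in the most recent election message, or None."""
    events = election_events(log_text)
    return events[-1][1] if events else None

if __name__ == "__main__":
    for ts, old, new in primary_changes(SAMPLE_LOG):
        print(f"{ts}  primary: {old} -> {new}")
```

Repeated elections of the same node are not reported as changes, so the output lists only the moments when the WMI collection role moved between nodes.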
05-30-2019 11:32 PM