Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1170
Views
0
Helpful
1
Replies

ISE repository user gets repeatedly locked

tsme
Level 1
Level 1

‎06-26-2020 02:48 AM

hi folks,

 

I have a 2-node-deployment (taken over from an other service provider) running on version 2.4 P9

Configured is a SFTP-repository which user's password has been changed ~2 months ago.
I updated the passwd in GUI, so i gets replicated.

Now we notice that the account (linux host as repository) gets locked repeatedly.
Our Unix team had given me an excerpt from the logfile - all failed connection attempts came from my PAN's IP address.

 

The question now is;

  1. why/where is my PAN using wrong credentials 
  2. are these connections logged on PAN, so that we can lookup what user/process/whatever is trying to connect with wrong credentials
  3. Is it possible that there is a ScheduledReport (from an user that has been deleted) that causes this problem?

regards

PT

 

0 Helpful
1 Reply 1

Arne Bier
VIP
VIP

‎07-17-2020 10:48 PM

Hi @tsme 

 

If you have a scheduled config or operational backup then ISE will attempt to authenticate to that sftp repository at the configured interval (e.g. daily, weekly, etc.).

If you configured the repo credentials in the GUI then it should replicate to all the nodes in the deployment (as you stated).

If I were you I would SSH to each node's CLI and issue the command

show repository <repo_name>

to check whether the command works - if it works then you should see the directory contents. Do it on BOTH nodes. Perhaps one of the nodes has an issue because password didn't replicate. And also check that you have the crypto keys on both nodes.

Command : 

show crypto host_keys
0 Helpful
Customers Also Viewed These Support Documents