ISE Secondary node sync up failed

aravikumar · ‎08-20-2019

Hello,

In our customer environment, the Node status of the secondary ISE node is showing up as "Replication Stopped".

By logging into the CLI, we checked the ntp server configuration of both primary and secondary nodes they are the same.

We tried to sync up the secondary node manually from GUI but we are seeing the following error

"Unable to sync node Secondary-ISE-Hostname"

Please check the attached screenshots. Any help would be appreciated.

Thanks,

Aravind Ravikumar

Arne Bier · ‎08-20-2019

Any idea what changed since this started happening?

What does the "show application status ise" show on the secondary node?

Are they on same VLAN? If not, is there IP connectivity between the two nodes? can they ping each other (if ICMP is allowed).

If all else fails ... reboot does a world of good :-(

Afolarin Omole · ‎08-21-2019

@aravikumar

Seen this before , de-register the secondary device and register it again , then re-sync . But in my own case i did couple of things which are listed below :

De-register the SEC PAN ( making the device standalone)
Reset context visibility using application config ise command
Resetconfig using application reset-config ise command

After doing the above , then i re-register the secondary PAN , i did all this within a change window , so i don't know it effect on production. Just know that doing all the above will restart ISE service.