02-27-2024 10:43 AM - edited 02-29-2024 01:48 PM
I'm running 3.1.0.518 P8. I recently registered nodes in a distributed deployment. GUI was working fine, today someone reported that they couldn't get to the GUI. I tried from Chrome, Edge and Firefox, no luck. The only change was them being registered. I deregistered the two nodes and I still can't get to the GUI. I've stopped and started ISE. Started ISE in safe mode and rebooted. Application server shows as running on both nodes and they can ping other devices. What are my next steps for troubleshooting?
Edit: In the end I just reset ISE. I think the certificate broke when I registered the primary from another deployment to a new primary. This caused the node to stop listening on port 443, breaking GUI access.
02-27-2024 10:48 AM
You registered or deregistered nodes? What does "show ports" show on the CLI? Did your admin certificate expire? Are you using DNS or IP to attempt to log in?
https://community.cisco.com/t5/security-documents/how-to-ask-the-community-for-help/ta-p/3704356
02-27-2024 10:52 AM
I deregistered the nodes after it was pointed out that the GUI couldn't be reached as that was the only recent change before the issue occurred. I tried to access by IP and DNS. Am I looking for something specific with the show ports command?
02-27-2024 11:19 AM
Yes, see if 443 is open. You deregistered before the GUI issue or after? How exactly did you deregister the nodes without the GUI up? "show application status ise" shows all services running?
02-27-2024 11:23 AM
I have 4 nodes total. I recently added the 2 that I'm having trouble with to my primary. It was from the working primary that I deregistered them.
sh ports | in 443
tcp: 127.0.0.1:8888, :::9085, :::9090, :::9443, 127.0.0.1:2020, :::9060, :::9061, :::9063, :::5514, :::9002, :::1099, :::8910, :::9070, :::10227, :::9080
02-27-2024 11:26 AM
So I don't see 443 listed. I would try a reload (if you haven't already). Otherwise this typically indicates a certificate issue in my experience. Were any certificate changes performed when registering the new nodes? What type of deployment is this? 2xPAN+MnT and 2xPSN?
02-27-2024 11:29 AM
I'll try a reload again. Is there any way to check certs from the CLI? The only cert message was the one that references importing them when you register a node. I've attached the design I was going for. The two additions were in their own primary/secondary setup before I changed them to standalone.
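Added example, not part of any post in this thread: the `sh ports | in 443` filter used above is a substring match, so the line comes back because of 9443 even though nothing is bound to 443. This Python sketch parses a pasted `tcp:` line and reports whether a port is bound on a non-loopback address. It assumes the comma-separated `address:port` format of the line posted in the thread; the function names are hypothetical.

```python
import re

# Constructed sample: the filtered line as posted in the thread.
SAMPLE = (
    "tcp: 127.0.0.1:8888, :::9085, :::9090, :::9443, 127.0.0.1:2020, "
    ":::9060, :::9061, :::9063, :::5514, :::9002, :::1099, :::8910, "
    ":::9070, :::10227, :::9080"
)

LOOPBACK = {"127.0.0.1", "::1"}


def parse_listeners(text):
    """Return a set of (proto, address, port) from 'tcp:' / 'udp:' lines."""
    listeners = set()
    for line in text.splitlines():
        m = re.match(r"\s*(tcp|udp):\s*(.*)", line, re.IGNORECASE)
        if not m:
            continue  # process headers and other lines carry no sockets
        proto = m.group(1).lower()
        for sock in m.group(2).split(","):
            # Split on the LAST colon so ':::9443' yields address '::'.
            addr, _, port = sock.strip().rpartition(":")
            if port.isdigit():
                listeners.add((proto, addr, int(port)))
    return listeners


def external_binds(listeners, port, proto="tcp"):
    """Addresses bound to exactly this port, ignoring loopback-only sockets."""
    return sorted(
        addr for p, addr, n in listeners
        if p == proto and n == port and addr not in LOOPBACK
    )


def gui_port_listening(text, port=443):
    """True only if the port is bound on an address other than loopback."""
    return bool(external_binds(parse_listeners(text), port))


if __name__ == "__main__":
    for port in (443, 9443, 8888):
        state = "listening" if gui_port_listening(SAMPLE, port) else "NOT listening"
        print(f"tcp/{port}: {state} on a non-loopback address")
```
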