03-08-2025 07:02 AM
Hi everyone,
I’m running Cisco ISE version 3.1.0.518. About 30 days ago, I changed the Root CA and all PSN certificates, and everything worked fine.
Two weeks ago, I upgraded to Patch 10, and the system continued to function normally. However, five days ago, I noticed that I was no longer receiving live logs from other PSN nodes, and new devices were unable to connect via 802.1X authentication.
To troubleshoot, I restarted the affected PSN node, which temporarily resolved the issue, but the problem has returned.
Has anyone encountered this issue before, or does anyone have suggestions on how to resolve it?
Thanks in advance for your help!
03-08-2025 08:24 AM
- This document offers ISE debugging info and possible logs to examine:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/222247-use-debugging-system-to-troubleshoot-ise.html
A common one to start with is show logging system ade/ADE.log tail
(or without the tail option)
M.
03-25-2025 11:48 PM
03-16-2025 06:04 AM
I regenerated the ISE messaging service certificate for both the primary and secondary nodes, as well as all PSNs. The issue was resolved for 2 to 3 days, but then it reoccurred. Has anyone encountered this before or found a permanent solution?
03-26-2025 01:42 AM
I see only one ERROR and a couple of FAILED events in the logs:
2025-03-26T09:46:06.178094+03:30 THT-ISE-01 kong-error 2025/03/26 09:46:06 [info] 25#0: *76833060 client 172.17.26.24 closed keepalive connection
Maybe there is a DB issue, bug or some other problem. Have you tried contacting TAC?