02-06-2019 04:19 AM
I had two ISE VM nodes running on 2.4 ( no patch) with in sufficient resources. I was getting multiple alarms.
I made one node primary for both Admin and MnT personas and de-registered the second node. Then I registered a newly created VM node with sufficient resources. So one node is running with in-sufficient resources and another with recommended resources. The one with in-sufficient resources is having both personas as primary. And I see tacacs live logs there.But when I promote newly registered node as primary MnT node. I do not see any TACACS live logs.
I tried to removing and adding logcollector and logcollector2 from tacacs logging catagories and also tried manyal sync.
Solved! Go to Solution.
02-12-2019 08:34 AM
Please do apply the latest patch. You might need to reset M&T database after the patching. If that not. helping, please open a TAC case to debug further.
Below are two known bugs:
02-06-2019 04:38 AM
Is this only the tacacs+ logs you dont see and do you receive radius logs?
Im sure you have Double checked that you have Tacacs+ services enabled and tested some NADs which are using the correct Tacacs+ server :)
If not in production I would bounce which is less attractive.
If problem persists please work with TAC to troubleshoot.
02-06-2019 05:46 AM
Hello Idanny,
Thank you for your reply.
We are not using Radius , we are using device administration only.
192.168.255.251 is my primary admin and primary MnT node.
192.168.255.252 is my Sec admin and Sec MnT node.
For above mentioned state I am getting live logs.
But when I change the persons so that
192.168.255.251 is my primary admin and Sec MnT node.
192.168.255.252 is my Sec admin and Sec primary node
I do not see any logs.
02-21-2019 04:55 AM
Hello,
Yes I have TAC opened for it.
Will soon share findings/results.
02-12-2019 08:34 AM
Please do apply the latest patch. You might need to reset M&T database after the patching. If that not. helping, please open a TAC case to debug further.
Below are two known bugs:
02-21-2019 04:55 AM
Hello ,
Apologies for delayed response.
I applied patch and it did not resolve my issue. So I went for MnT database reset.
I had one TAC going on , engineer said that reset might have revert all changes that patch applied. So you need to patch it again. My priority is to bring both nodes resources to the recommended level and then apply patch and see if it resolves my issue or not. Will keep posting my observation.
thanks,
02-21-2019 04:55 AM
Hello ,
Apologies for delayed response.
I applied patch and it did not resolve my issue. So I went for MnT database reset.
I had one TAC going on , engineer said that reset might have revert all changes that patch applied. So you need to patch it again. My priority is to bring both nodes resources to the recommended level and then apply patch and see if it resolves my issue or not. Will keep posting my observation.
thanks,
04-28-2021 08:01 AM
Hi,
Did you solve the issue? I am having same issue in my two node deployment. From NAD, I issue commands test aaa group tacacs username password new-code, which results in successful authentication, but no logs showing in the ISE TACACS Logs.
NAD is added successfully in ISE;
There is ping between ISE and NAD device;
TACACS server is configured with the right ip;
TACACS configuration commands added due to its successful test aaa.... result.
Any thoughts or suggestions would be highly appreciated.
Thank you,
Laura
07-18-2021 12:44 AM
i also have similar problem. i can see that there is no update since long time. please update on if someone find a solution.
07-19-2021 09:19 AM
Hi,
Please use following:
aaa authentication login default group tacacs+ local
Hope it helps!
Best,
Laura
07-27-2021 06:28 AM
In my case I had two node deployment, if I promote newly deployed node as my primary MnT I could not see any T+ logs (new logs). I had a case opened and I installed hot fix , even that did not solve it. Then BU was engaged and they cleared some stuck dB processes on the ISE and then it was fixed.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide