Hi there,

Im having som trouble setting up PassiveID in a new ISE install.
ise version 3.4 patch 4

I have 3 nodes, all of them have passiveid enabled, and i can see the service running in cli with 'sh app stat ise'

in the ise passiveid-agent.log i see this continuously:
2026-01-14 13:28:33,941 ERROR [Timer-0][[]] com.cisco.idc.agent-probe -:::::- Agent DC04.domain.dk did not set DCs status during the last 5 minutes - marking it down.
2026-01-14 13:28:33,942 ERROR [Timer-0][[]] com.cisco.idc.agent-probe -:::::- Make sure agent is up and running.. Identity Mapping.probe = Agent , Identity Mapping.dc-host = DC04.domain.dk , Identity Mapping.server = ISEPAN-01 ,
2026-01-14 13:28:33,942 ERROR [Timer-0][[]] com.cisco.idc.agent-probe -:::::- Make sure agent is up and running.. Identity Mapping.probe = Agent , Identity Mapping.dc-host = DC04.domain.dk , Identity Mapping.server = ISEPSN-01 ,
2026-01-14 13:28:33,942 ERROR [Timer-0][[]] com.cisco.idc.agent-probe -:::::- Make sure agent is up and running.. Identity Mapping.probe = Agent , Identity Mapping.dc-host = DC04.domain.dk , Identity Mapping.server = ISEMON-01 ,

and on the DC in the CiscoISEPICAgent log i see this:
2026-01-14 13:31:29,652 ERROR - Rest Client, Error getting configuration from https://ISEPAN-01.domain.dk:9095 : The operation has timed out
2026-01-14 13:31:29,652 ERROR - Rest Client, Error getting configuration from https://ISEPSN-01.domain.dk:9095 : The operation has timed out
2026-01-14 13:31:29,652 ERROR - Rest Client, Error getting configuration from https://ISEMON-01.domain.dk:9095 : The operation has timed out
2026-01-14 13:31:30,672 ERROR - Configuration , Received empty config

the pic service is running fine, also after a restart.

when i do a tcp dump from ISE i see that ISE closes the incoming connection on port 9095 from the DC: (picture)

And doing a 'show ports' on ise cli It does not show any port 9095 anywhere.

Reloading the nodes does not help either.

Should i just go ahead and contact TAC? or does anyone have had similar problems?