cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

7752
Views
5
Helpful
18
Replies
hugomejias
Beginner

Problem to get Web admin access on cisco ISE

Hi,

We are currently having problems to access via Web admin UI to cisco ISE. after we put the password, we get this message on screen:

authentication failed due to zero RBAC group.

The ISE version that we are using is: 1.1.2.145 path 3

Do you have any idea about that?

Thank you for your attention on this matter.

Regards.

18 REPLIES 18
Marcin Latosiewicz
Cisco Employee

Hugo,

Serveral known issues exist that result in this message. Can I suggest to open a TAC case?

Or go to 1.1.3 patch 1 and re-test.

M.

You can't log into the CLI, it doesn't accept the password. What else can resolve this?

Jatin Katyal
Cisco Employee

Looking at the screen shot it seems that you've not configured ISE to use external account from Active Directory. In most of the cases either we need to run the script to fix it temporarily or we need to reimage. I agree with Marcin that this issue calls for TAC case. However, before that if you wish

1.] You can upgrade to ISE 1.1.3 latest patch.

2.] Try to eset the internal admin account to gain GUI access if you have CLI access.

Run 'application reset-passwd ise admin' >> Follow the prompts

Jatin Katyal
- Do rate helpful posts -

~Jatin

Can I upgrade from 1.1.2 version to 1.1.3 version or 1.1.4 version without lose my actual configuration.?

hugomejias
Beginner

Can I upgrade from 1.1.2 version to 1.1.3 version or 1.1.4 version without lose my actual configuration.?

Yes, you can. However, it's a good practise to take backup before you upgrade to next version.

Jatin Katyal
- Do rate helpful posts -

~Jatin

Hi Jatin,

Unfortunately I can't do the upgrade, when I try to upgrade from 1.1.2 to 1.1.3 I get this error:

% ERROR: This node is part of an ISE deployment. Please make it a standalone first, then retry upgrade.

error: %post(CSCOcpm-upgrade-1.1.3-124.i386) scriptlet failed, exit status 1

% Application upgrade failed. Please check logs for more details or contact Cisco Technical Assistance Center for support.

I think to install 1.1.4. may solve many issues.

it's look like you have more than 1 ise that act as primary/secondary, so you must make it standalone before you upgrade it...

How long does this issue last?

claudiogordon
Beginner

I'm with the same problem and ISE is already at 1.1.3.124 version

Someone knows the solution?

Regards,

Claudio

Ravi Singh
Rising star

In Cisco ISE, RBAC policies are simple access  control policies that use RBAC concepts to manage admin access. These  RBAC policies are formulated to grant permissions to a set of  administrators that belong to one or more admin group(s) that restrict  or enable access to perform various administrative functions using the  user interface menus and admin group data elements. I think there is problem with your RBAC policy configuration. Please follow the below link for help.

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html#wp1282656

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html#wp1283009

harvisin
Participant

Hello,

I went through your query and found the following link which might help you :-

http://www.cisco.com/en/US/docs/security/ise/1.0.4/user_guide/ise10_man_identities.pdf

claudiogordon
Beginner

Hello guys,

Thanks for helping but, I can't access the web interface, how could I change the RBAC configurations?

Regards,

Claudio

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html#wp1282656

click on the above link and go to Configuring RBAC Permissions .

Content for Community-Ad