06-20-2013 06:35 AM - edited 03-10-2019 08:34 PM
Hi,
We are currently having problems to access via Web admin UI to cisco ISE. after we put the password, we get this message on screen:
authentication failed due to zero RBAC group.
The ISE version that we are using is: 1.1.2.145 path 3
Do you have any idea about that?
Thank you for your attention on this matter.
Regards.
06-20-2013 06:49 AM
Hugo,
Serveral known issues exist that result in this message. Can I suggest to open a TAC case?
Or go to 1.1.3 patch 1 and re-test.
M.
06-24-2013 06:58 AM
You can't log into the CLI, it doesn't accept the password. What else can resolve this?
06-20-2013 06:56 AM
Looking at the screen shot it seems that you've not configured ISE to use external account from Active Directory. In most of the cases either we need to run the script to fix it temporarily or we need to reimage. I agree with Marcin that this issue calls for TAC case. However, before that if you wish
1.] You can upgrade to ISE 1.1.3 latest patch.
2.] Try to eset the internal admin account to gain GUI access if you have CLI access.
Run 'application reset-passwd ise admin' >> Follow the prompts
Jatin Katyal
- Do rate helpful posts -
06-20-2013 07:08 AM
Can I upgrade from 1.1.2 version to 1.1.3 version or 1.1.4 version without lose my actual configuration.?
06-20-2013 07:03 AM
Can I upgrade from 1.1.2 version to 1.1.3 version or 1.1.4 version without lose my actual configuration.?
06-20-2013 07:07 AM
Yes, you can. However, it's a good practise to take backup before you upgrade to next version.
Jatin Katyal
- Do rate helpful posts -
06-20-2013 01:49 PM
Hi Jatin,
Unfortunately I can't do the upgrade, when I try to upgrade from 1.1.2 to 1.1.3 I get this error:
% ERROR: This node is part of an ISE deployment. Please make it a standalone first, then retry upgrade.
error: %post(CSCOcpm-upgrade-1.1.3-124.i386) scriptlet failed, exit status 1
% Application upgrade failed. Please check logs for more details or contact Cisco Technical Assistance Center for support.
I think to install 1.1.4. may solve many issues.
06-24-2013 12:11 AM
it's look like you have more than 1 ise that act as primary/secondary, so you must make it standalone before you upgrade it...
06-24-2013 06:59 AM
How long does this issue last?
06-27-2013 11:17 AM
I'm with the same problem and ISE is already at 1.1.3.124 version
Someone knows the solution?
Regards,
Claudio
06-30-2013 01:41 AM
In Cisco ISE, RBAC policies are simple access control policies that use RBAC concepts to manage admin access. These RBAC policies are formulated to grant permissions to a set of administrators that belong to one or more admin group(s) that restrict or enable access to perform various administrative functions using the user interface menus and admin group data elements. I think there is problem with your RBAC policy configuration. Please follow the below link for help.
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html#wp1282656
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html#wp1283009
07-01-2013 04:07 AM
Hello,
I went through your query and found the following link which might help you :-
http://www.cisco.com/en/US/docs/security/ise/1.0.4/user_guide/ise10_man_identities.pdf
07-01-2013 05:57 AM
Hello guys,
Thanks for helping but, I can't access the web interface, how could I change the RBAC configurations?
Regards,
Claudio
07-31-2013 08:22 PM
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_identities.html#wp1282656
click on the above link and go to Configuring RBAC Permissions .
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide