
Profiler feed not accessible in ISE

Ditter
Level 4

Hi to all,

 

seen that same problem in some old posts (feed site down).

Is this problem continuing?

I have ISE 2.4.0.357 and I fail to update the profiler feed data. ISE fails during the test with the following message:

 

Test result: Failure: FeedService test connection failed : Feed Service unavailable : SocketTimeoutException invoking https://ise.cisco.com:8443/feedserver/feed/serverinfo?ISE_VERSION=2.4.0.357: connect timed out **Please ensure that the certificate store on ISE has a valid and enabled entry for either the root certificate or the intermediate certificate for the SSL server certificate chain of Cisco ISE feed server. **Please ensure that Proxy settings are configured if needed to reach Feed Server.

 

I also tried to access https://ise.cisco.com:8443/feedserver/feed/serverinfo?ISE_VERSION=2.4.0.357 through a browser, with no luck.

 

Any ideas?

 

Thanks,

Ditter.

 

 

12 Replies

ognyan.totev
Level 5

Did you install new certificates from the Cisco ISE download page?

Thanks, 

 

No, I have not installed any new certificates from Cisco. ISE 2.4 comes by default with four Cisco certificates (2048 bits and M2). However, as I noticed, they are used for endpoints infrastructure.

Should I upload new Cisco certificates?

 

Ditter

I think their feed update has been flaky. I had this issue on Thursday too. And then an hour later it worked again. Seemed to work last night too.

Thanks, last night I also tried but it did not work (btw I am located in Europe).

I also tried a little while ago (12:49 p.m.); it also did not work.

 

But are we sure it is a matter of feed server availability?

I cannot find the link to download the certificate, can someone help please?

You need to have the QuoVadis Root CA and Hydrant issuing CA cert installed under Trusted Certs - both certs can be downloaded from the QuoVadis website:

[Image: ise-quovadis.PNG]

 

Does your ISE deployment have to go through a web proxy in order to reach the Internet? If so then that is also potentially the problem.

But I just discovered something in my own ISE 2.4 deployment - the Feed Update was not working either and I did a tcpdump while running a test feed connection. ISE sends a TCP SYN to ise.cisco.com and I get a RST back immediately.

 

It turns out the issue was due to the setting shown below in red that I had unchecked. When I checked it again, the feed update service kicked into life!!

 

 

[Image: ise-security.png]

Jason Kunst
Cisco Employee
I just tested the feed server and it worked for me. This was on a fresh 2.4. I would suggest contacting the TAC if you still have issues, as it seems to be working for others on the thread.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_011001.html#reference_0A1E22E1CABA4D47B5589457A67F0080

Shouldn't I be able to access the site https://ise.cisco.com:8443/feedserver through a web browser?

I tried the URL https://ise.cisco.com:8443/feedserver and I got a message:

 

XML Parsing Error: no root element found
Location: https://ise.cisco.com:8443/feedserver
Line Number 1, Column 1:

 

I am trying to investigate all options here before ending up opening a case (I have no direct access to TAC), and this should be done through my sales partner :-( which will bring additional delays.

You will get the XML parsing error when browsing directly.

 

I just tested my lab ISE server (2.4 Patch 4) and the Profiler "Test Feed Service Connection" works just fine.

 

NOTE: If the default Update Feed URL is not reachable and your network requires a proxy server, configure the proxy settings by choosing Administration > System > Settings > Proxy before you access the Live Update portals.

Hi to all,

 

Just a quick update on the ISE feed service. It stopped working for 1-2 months and started working again on the 14th of October 2020 by itself, without any intervention or config change from my side.

 

Definitely something is wrong with the ISE feed Service.

 

Ditter.

@Ditter 

I agree - I was starting to doubt my own sanity there for a while. I installed brand new ISE systems and none of them had a working Profiler Feed system. I fiddled with tcpdumps/wireshark and the tcp connections seemed to go through. I eventually turned off the auto update feature and resorted to the caveman method of uploading the manual file. But I am glad that you brought this to our attention - I have enabled auto updates and it's working again. A small miracle on a Friday morning  

Steve Allen
Level 1

I know this is an old topic but I recently had this issue and wanted to post what the fix was for me because it had nothing to do with SSL.

For me the fix was to allow outbound Internet access from the ISE server to TCP port 8443 cisco.com on our firewalls.

I tested and if you block TCP 8443 you will see the above error message.

 

Hope this helps someone in the future.
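
A small connectivity probe that separates the failure modes raised in this thread (TCP 8443 silently blocked, an immediate RST, an untrusted certificate chain). It is an added example, not code from Cisco or from any poster. The host and port come from the error message in the first post; the category names are assumptions, and it is meant to be run from a host that follows the same network path to the Internet as ISE.

```python
import socket
import ssl

FEED_HOST = "ise.cisco.com"  # host and port as shown in the ISE error message
FEED_PORT = 8443


def classify(exc):
    """Map a connection failure to one of the causes discussed in the thread.

    The category names are labels chosen for this example.
    """
    # SSLCertVerificationError is a subclass of SSLError, so test it first.
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls-trust"    # root/intermediate CA missing or not trusted
    if isinstance(exc, ssl.SSLError):
        return "tls-other"    # TLS failed for a reason other than chain trust
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "tcp-timeout"  # SYN dropped: firewall blocks 8443, or a proxy is required
    if isinstance(exc, (ConnectionRefusedError, ConnectionResetError)):
        return "tcp-reset"    # RST returned: a device on the path rejects the connection
    if isinstance(exc, socket.gaierror):
        return "dns"          # the name does not resolve from this host
    return "other"


def probe(host=FEED_HOST, port=FEED_PORT, timeout=5.0, context=None):
    """Return (stage, detail); stage is 'ok' or one of the classify() labels."""
    ctx = context or ssl.create_default_context()  # uses the local trust store
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # Reaching this point means the TCP path to port 8443 is open.
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # Each issuer RDN is a tuple of (key, value) pairs.
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return "ok", issuer.get("organizationName", "unknown issuer")
    except OSError as exc:
        return classify(exc), str(exc)


if __name__ == "__main__":
    stage, detail = probe()
    print(f"{FEED_HOST}:{FEED_PORT} -> {stage}: {detail}")
```

A `tcp-timeout` or `tcp-reset` result points at the firewall or proxy path rather than the trusted certificate store; only `tls-trust` points at a missing CA certificate.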