Cisco Community
English
Register
The War in Ukraine - Supporting customers, partners and communities. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

3037
Views
0
Helpful
8
Replies
Mountain Man
Beginner
Beginner
‎08-17-2012 08:20 AM
‎08-17-2012 08:20 AM

Secondary ISE cannot join the primary node with error message

Hi,

I have just installed the secondary ISE and did the followings, but when I try to join the primary node, I received the Cannot authenticate the primary ISE, please check the server or certificate and try again.

- promote the secondary from standalone to primary

- export self cert from the seconary

- import the cert to the primary

- try to add not on the secondary used both IP and host name with super admin user

One thing I have noticed that the instruction on the ISE 1.1.1 import cert on primary section mentioned:

  1. Choose Administration > System > Certificates.
  2. From the Certificate Operations navigation pane on the left, click Certificate Authority Certificates.

but the Certificat Authority Certificates does not exist on the left pane. I choosed Certificate store instead

ise.png

any suggestions?

Labels:
0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
Tarik Admani
Advocate
Advocate
In response to Mountain Man
‎08-17-2012 08:58 AM
‎08-17-2012 08:58 AM

Hi,

Did you set the secondary node to primary? You may have tried to register the node in the wrong direction. For a node to register with the primary node, the registration request must be initiated from the primary node.

Thanks,

Tarik Admani
*Please rate helpful posts*

View solution in original post

0 Helpful
8 REPLIES 8
edondurguti
Enthusiast
Enthusiast
‎08-17-2012 08:37 AM
‎08-17-2012 08:37 AM

I've seen that order to be different on the cert guide aswell.

Make sure that the admin password matches

0 Helpful
Mountain Man
Beginner
Beginner
In response to edondurguti
‎08-17-2012 08:39 AM
‎08-17-2012 08:39 AM

Yes. Admin password is match. I have also tested to using a different super admin user created on both system. none of them working

0 Helpful
edondurguti
Enthusiast
Enthusiast
In response to Mountain Man
‎08-17-2012 08:41 AM
‎08-17-2012 08:41 AM

do you have both certs on the primary node as of right now?

if you go to

Administration > System > Certificates

choose Certificate Store

what do you see there?

.

0 Helpful
Mountain Man
Beginner
Beginner
In response to edondurguti
‎08-17-2012 08:44 AM
‎08-17-2012 08:44 AM

Yes. I have two certs there, one is local/primary the other one is imported from the secondary

0 Helpful
edondurguti
Enthusiast
Enthusiast
In response to Mountain Man
‎08-17-2012 08:49 AM
‎08-17-2012 08:49 AM

I'm sorry, you do or don't see two certs there?

0 Helpful
Mountain Man
Beginner
Beginner
In response to edondurguti
‎08-17-2012 08:54 AM
‎08-17-2012 08:54 AM

I tried to add the cert from primary and imported it into the secondary. Run add note again, get different error:

Unable to register primary_host. Node is not a Standalone node.

0 Helpful
Tarik Admani
Advocate
Advocate
In response to Mountain Man
‎08-17-2012 08:58 AM
‎08-17-2012 08:58 AM

Hi,

Did you set the secondary node to primary? You may have tried to register the node in the wrong direction. For a node to register with the primary node, the registration request must be initiated from the primary node.

Thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful
Mountain Man
Beginner
Beginner
In response to Tarik Admani
‎08-17-2012 09:18 AM
‎08-17-2012 09:18 AM

Thanks,  Tarik:  that's It.

0 Helpful
Latest Contents
Network Security All-in-one ASA FTD WSA Umbrella ISE VPN Lay...
Created by Meddane on 05-17-2022 06:18 AM
0
0
0
0
Multiple Cisco Security Technologies in a single book : ASA Firepower, WSA, Umbrella, ISE and VPN with 100 percent 100 practical scenarios with 70 Labs to cover important topics of the Cisco SCOR Exam. The best part is ISE with interesting scenarios wi... view more
Understanding IP Layer Enforcement on Cisco Umbrella
Created by Meddane on 05-17-2022 03:10 AM
0
0
0
0
Cisco Umbrella is a big DNS service that provides not only the DNS resolution but also if the hosted website is trust or malicious, the idea behind the Layer DNS Security is that the modern attacks uses the DNS in the first step either to redirect the use... view more
Cisco ISE Integration With F5 BIG-IP LTM Load Balancer for G...
Created by Meddane on 05-15-2022 02:24 AM
0
0
0
0
I shared with you this detailed document I created with 27 pages about Cisco ISE Integration With F5 BIG-IP Locar Traffic Manager LTM Load Balancer for Guest Acces.   The method used for Guest Access is the Self-Registration. Healt Monitor using HTTP... view more
Cisco ASA 9.714 version SNMP not working in EVE-NG LAB Envir...
Created by waqas.muhammad49 on 05-10-2022 06:56 AM
0
0
0
0
I created an IPSEC Site to site Tunnel between two ASA Firewalls in EVE-NG topology and i want to plot the IPSEC Site to Site VPN graph on PRTG ? The SNMP Walk command is not getting any output . As the firewall is making SNMP inbound connections with the... view more
ISE Integration with Eduroam External Server
Created by deepuvarghese1 on 05-09-2022 08:31 PM
3
20
3
20
The purpose of this document is to demonstrate how ISE can integrate with an eduroam external server which is a WI-Fi roaming service that provides international access to devices in education, research, and higher education. Students, teachers, and resea... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube