09-08-2016 05:03 PM
SW 6.8 with ISE 2.1. Getting the following error on the SMC when I manually try to quarantine: “Quarantine request failed to be sent to ISE”.
I see the client identities coming from ISE to SW so I know it is receiving ISE syslog info. I see the SMC come online and then offline on the ISE pxGrid status page. The SMC shows Client Group of ANC. All of the status indicators are green on the SMC. ISE pxGrid quarantine is working for Splunk so I am fairly certain that ISE is set up correctly.
ISE pxgrid-controller log shows:
2016-09-08 23:43:31,499 INFO [Thread-7][] cisco.pxgrid.controller.sasl.SaslWatcher -:::::- Handling authentication for user name smc-01
2016-09-08 23:43:31,503 INFO [Thread-7][] cisco.pxgrid.controller.sasl.SaslWatcher -:::::- sending success authentication for smc-01@xgrid.cisco.com
2016-09-08 23:43:32,134 INFO [pool-1-thread-85][] cisco.pxgrid.controller.common.GridRulesManager -:::::- Client smc-01@xgrid.cisco.com is not authorized for topic EndpointProtectionService:operation subscribe. error=com.cisco.pxgrid.model.core.BaseError@7ef01754[
code=<null>
description=not authorized
How do I get the SMC to be authorized for EPS?
Solved! Go to Solution.
09-09-2016 04:16 AM
Sounds like you might have missed just one step.
In ISE, navigate to Administration > pxGrid Services, check the box next to your StealthWatch Server and click the Group button:
In the Client Group dialog, assign your StealthWatch Server to the EPS group:
This should authorize SMC for EPS.
09-09-2016 04:16 AM
Sounds like you might have missed just one step.
In ISE, navigate to Administration > pxGrid Services, check the box next to your StealthWatch Server and click the Group button:
In the Client Group dialog, assign your StealthWatch Server to the EPS group:
This should authorize SMC for EPS.
09-09-2016 06:58 AM
Charles,
You are my hero. Works like a charm now.
Thanks.
Sam
09-09-2016 07:00 AM
Sam,
I'm glad this worked for you. Thanks for letting me know.
08-10-2017 03:46 AM
hi,
sorry for digging this out, but i cant get it working..
my ise and stealthwatch are connected via pxgrid. i followed every step of the " Deploying Cisco Stealthwatch 6.9 with Cisco Identity Services Engine (ISE) 2.2 using Cisco Platform Exchange Grid (pxGrid)" Guide from John Eppich and used the ISE internal CA.
My ISE and Stealthwatch are connected as you can see in the screenshots right here:
@chmoreto do you have any idea?
08-10-2017 01:10 PM
Which patch level is your ISE 2.2? ISE 2.2 Patch 1 can run into CSCvc81676
08-11-2017 01:43 AM
if i google "CSCvc81676" i cant find anything, but yes, my ISE is running exactly this version and patch
EDIT:
08-11-2017 05:11 PM
It's one of the bugs addressed in ISE 2.2 Patch 2, which went out last month.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide