TLS/SSL Weak Message Authentication Code Cipher Suites for PSN node
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-30-2024 11:54 AM
We have recently upgraded our distributed ISE deployment from 3.2 to 3.3-patch3. After that, we have disabled the weak TLS/SSL ciphers and restarted the services. After that, all the PAN , MNT and PSN nodes in the deployment got remediated except one PSN node. All the nodes were restarted after the patching.
+ Deployment is healthy and all the nodes are showing Green
+ verify the Services and all looks good
Could you please suggest what could be the reason for this? Do we have to re-sync the PSN node from the deployment to check if it can be remediated or any other solution available to resolve this issue.
I have attached the Vulnerability scan report for that PSN node
Vulnerability Reported - TLS/SSL Weak Message Authentication Code Cipher Suites
ISE deployment Version - 3.3 - Patch 3
- Labels:
-
Identity Services Engine (ISE)

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-30-2024 02:06 PM
You can try a manual sync. If that doesn't work, then de-register the node and re-register it again. That should take care of the issue. In the worst case, you can also de-register the node, shutdown and delete the VM, and then build a new one. Of course that is a lot of work, but it's guaranteed to work, in case there was something wrong during the 3.2 to 3.3 upgrade and/or patching. I don't see a vulnerability report attached to your posting.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-30-2024 02:21 PM
Thanks Arne .
I have attached the vulnerability report. we are using Physical SNS3715 ISE appliance in our environment.
I will try to re-sync the node. If that is not helpful, then i will try to de-register and re-register it again. will update with the result.
