05-08-2020 02:53 AM
Hi All,
We have recently upgraded to ISE 2.7. I had created a admin user and was able to SSH to the CLI of the ISE using this user.
We then deleted this user and since then, every account we created locally on the device (VM) it's not been possible to SSH using admin, or user accounts to the CLI.
The another admin account that was setup from the beginning is still functioning and we can connect to CLI using this account. But any new users we set up just fail (please see attached example.)
Two of us have tried several times, so it's not a 'fat finger' issue, we've been very careful entering username and passwords.
Does anyone have any ideas of what to check?
Thanks and kind regards,
Simon
Solved! Go to Solution.
05-13-2020 06:21 AM
Dear All,
Well an update, all be it slightly strange.
We did end up rebooting the ISE, although we had done that in the past.
We created another local username and this time it worked. If it had been just me working on it, I would have said perhaps I was making a 'typo' somewhere, although I tried several times. But my colleague also tried and had the same outcome.
We will keep monitoring and see what happens in the future. If we see the same issues we will carry out the recommended steps.
1. Try reload of ISE.
2. Enable "admin-infra" and "infrastructure" log component at debug level and tail ADE.log and ise-psc.log to see if any specific error is coming while user tries to login.
show logging application ise-psc.log tail
show logging system ade/ADE.log tail
3. Apply latest patch 1 and test the behavior.
Thanks to all for their input.
05-08-2020 03:12 AM
- Can you try to operate your ssh-client in verbose mode and then check if any additional info is being displayed when the connection to ISE is made ?
M.
05-08-2020 07:29 AM
If the new user has been created with plain password option with role admin. if not then create new user with plain password and test.
"username abc password plain abc123 role admin". The password will automatically be hashed and shown as password type hash in the running config.
05-08-2020 10:26 AM
05-11-2020 05:49 AM
Hi There,
Yep, we did exactly that and several times.
It's the same outcome unfortunately.
This sounds very weird I know, but about two weeks ago, I created another username and password assigned to admin and was able to SSH to the ISE VM. Now, even after trying with 3 different combinations of username and password, each of them has the same result. We are unable to SSH to the ISE using a newly created username.
We are however, able to still SSH using the original Username that was setup when this ISE was built.
Regarding the GUI and SSH being separate, yes, we understand that. But currently we are unable to successfully SSH to the device when we create a username from the command line.
Thanks all.
05-11-2020 05:33 AM
Hi There,
Sorry for the delay in getting back to you, had a few things that needed clearing up.
I'll investigate in the mean time, but from the verbose option whilst SSH'ing to the ISE VM I see the following in the attached.
But yet the existing username/password that was configured when this device was installed is working fine.
05-12-2020 05:00 AM
In such case there are couple of options you can try:
1. Try reload of ISE.
2. Enable "admin-infra" and "infrastructure" log component at debug level and tail ADE.log and ise-psc.log to see if any specific error is coming while user tries to login.
show logging application ise-psc.log tail
show logging system ade/ADE.log tail
3. Apply latest patch 1 and test the behavior.
05-13-2020 06:21 AM
Dear All,
Well an update, all be it slightly strange.
We did end up rebooting the ISE, although we had done that in the past.
We created another local username and this time it worked. If it had been just me working on it, I would have said perhaps I was making a 'typo' somewhere, although I tried several times. But my colleague also tried and had the same outcome.
We will keep monitoring and see what happens in the future. If we see the same issues we will carry out the recommended steps.
1. Try reload of ISE.
2. Enable "admin-infra" and "infrastructure" log component at debug level and tail ADE.log and ise-psc.log to see if any specific error is coming while user tries to login.
show logging application ise-psc.log tail
show logging system ade/ADE.log tail
3. Apply latest patch 1 and test the behavior.
Thanks to all for their input.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide