07-26-2017 07:05 AM
Hi,
We recently found some issues.Some users who already successfully authenticated with 802.1 EAP-TLS in operation logs, we can see the username. But when we try to search this username from "Context Visibility-->Endpoints" , we couldnt see the username, but the Device name only and also it seems to be old or maybe some previous information.
in this region we have 2 PSNs @ 2.1 P3 and using F5 LB to share the load.
here are some screenshot... Anyone knows about this problem and how to fix it ?
from "endpoints", Shows PSN1....
under "Attributes" tab, everything is PSN1:
under "Authentication" tab,everything is correct.
Solved! Go to Solution.
07-27-2017 08:37 PM
First, please check and ensure the profiler RADIUS probe enabled on PSN2. I would suggest to restart the ISE services on PSN2 while watching the debug log profiler.log at ISE admin CLI
term len 0
show logging app profiler.log tail
Make sure the RADIUS probe coming up correctly.
Below shows an example whenthe probe not started properly:
2017-07-25 02:22:51,896 INFO [ProfilerController-2-thread-1][] cisco.profiler.probes.radius.SyslogMonitor -::- Configuring RADIUS Probe.
2017-07-25 02:22:51,898 INFO [ProfilerController-2-thread-1][] cisco.profiler.probes.radius.SyslogMonitor -::- Starting RADIUS probe.
2017-07-25 02:22:51,908 ERROR [ProfilerController-2-thread-1][] cisco.profiler.probes.radius.SyslogMonitor -::- Unable to start RADIUS probe.
2017-07-25 02:22:51,908 ERROR [ProfilerController-2-thread-1][] cisco.profiler.infrastructure.probemgr.ProbeLoader -::- Loading probe:radius failed.:Unable to start RADIUS probe. Address already in use
com.cisco.profiler.common.ProfilerException: Unable to start RADIUS probe. Address already in use
If the above not helping, please engage Cisco TAC to troubleshoot it further.
07-26-2017 10:51 AM
What value do you see for the 'User-Name' attribute, under the 'Attributes' tab?
Also did you try clicking on the refresh button:
~Hari
07-26-2017 12:35 PM
the user name Attribute is as same as the User-name at top both are machine name.
i tried refresh, not really works.
I can see these users previous day "live log" authentication server was on PSN1, today is using PSN2.
can the database confused yesterday and today's data time? so pick old one instead ?
Also "location:" always empty. even we configured Location.. all location --->building name....
but still shows nothing...
07-27-2017 08:37 PM
First, please check and ensure the profiler RADIUS probe enabled on PSN2. I would suggest to restart the ISE services on PSN2 while watching the debug log profiler.log at ISE admin CLI
term len 0
show logging app profiler.log tail
Make sure the RADIUS probe coming up correctly.
Below shows an example whenthe probe not started properly:
2017-07-25 02:22:51,896 INFO [ProfilerController-2-thread-1][] cisco.profiler.probes.radius.SyslogMonitor -::- Configuring RADIUS Probe.
2017-07-25 02:22:51,898 INFO [ProfilerController-2-thread-1][] cisco.profiler.probes.radius.SyslogMonitor -::- Starting RADIUS probe.
2017-07-25 02:22:51,908 ERROR [ProfilerController-2-thread-1][] cisco.profiler.probes.radius.SyslogMonitor -::- Unable to start RADIUS probe.
2017-07-25 02:22:51,908 ERROR [ProfilerController-2-thread-1][] cisco.profiler.infrastructure.probemgr.ProbeLoader -::- Loading probe:radius failed.:Unable to start RADIUS probe. Address already in use
com.cisco.profiler.common.ProfilerException: Unable to start RADIUS probe. Address already in use
If the above not helping, please engage Cisco TAC to troubleshoot it further.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide