cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

6074
Views
15
Helpful
7
Replies
Arne Bier
VIP Advisor

What does the ISE Indexing Engine actually do?

Hello

 

I have a case where the Secondary PAN/MnT is showing ISE Indexing Engine 'not running'

 

ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      running          5377
Database Server                        running          120 PROCESSES
Application Server                     running          3007
Profiler Database                      running          31574
ISE Indexing Engine                    not running

I have a fresh ISE 2.4 patch 4 install and combined PAN and MnT in a single node.   I have primary and secondary PAN/MnT.

 

I suspect this error is happening because the customer has not yet been able to create DNS PTR records for their ISE nodes.  This is taking some time but I believe this will be resolved.  Is this the cause of the error on the Secondary MnT node?  BTW, Indexing Engine is running just fine on Primary MnT.  And Indexing is disabled on all PSN's.

 

Questions:

  • what is this service used for and why does it differ depending on which node it runs on?
  • What is the impact of this current state?  Primary seems fine, so why should I care?

 

Once the customer has created the PTR records, do I only need to restart the Secondary MnT node to get rid of this situation?

 

thanks and regards

Arne

1 ACCEPTED SOLUTION

Accepted Solutions
hslai
Cisco Employee

  • what is this service used for and why does it differ depending on which node it runs on?

ISE Indexing Engine is used by ISE Context Visibility. It needs running on both ISE admin nodes with Primary PAN as the replication master and Secondary PAN as the replication slave for redundancy.

 

  • What is the impact of this current state?  Primary seems fine, so why should I care?

The current state has no redundancy but the data may recover from a good CFG backup or the endpoint portion by reset and sync from Oracle from ISE admin CLI.

 

Once the customer has created the PTR records, do I only need to restart the Secondary MnT node to get rid of this situation?

 


Yes, please try restarting the secondary PAN. If still not working, please engage Cisco TAC to troubleshoot.

 

View solution in original post

7 REPLIES 7
Aravind Ravichandran
Participant

Hi Arne,

 

ISE indexing engine service is responsible to check reverse DNS check & used for context visibility.

 

Thanks,

Aravind

-Aravind

Weird name for a service. Why does it work on primary pan but not in secondary? They both use the same dns servers. Makes no sense 

Looking at my 2.4 deployment right now, dedicated admins nodes.  Indexing application is running on both primary and secondary admin, disabled on all other nodes.  

Thanks @Damien Miller - and I suppose you have ptr records for all of your ise nodes?

i don’t understand why ISE even needs that. We just do it because we are told but no explanation. 

Would like some technical explanation from a Cisco BU person. 

I heard that some of the pieces have fqdn in the back end. Obviously must since it doesn't work without DNS. Such an odd departure for Cisco, I'm used to everything being IP based in the call manager world.

We have reverse lookup entires configured, nothing seems to run right without them. Ex context visibility (which hslia just confirmed leverages indexing engine).
hslai
Cisco Employee

  • what is this service used for and why does it differ depending on which node it runs on?

ISE Indexing Engine is used by ISE Context Visibility. It needs running on both ISE admin nodes with Primary PAN as the replication master and Secondary PAN as the replication slave for redundancy.

 

  • What is the impact of this current state?  Primary seems fine, so why should I care?

The current state has no redundancy but the data may recover from a good CFG backup or the endpoint portion by reset and sync from Oracle from ISE admin CLI.

 

Once the customer has created the PTR records, do I only need to restart the Secondary MnT node to get rid of this situation?

 


Yes, please try restarting the secondary PAN. If still not working, please engage Cisco TAC to troubleshoot.

 

View solution in original post

Romzy
Cisco Employee

Great explanation!

Content for Community-Ad