cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
12170
Views
15
Helpful
7
Replies

What does the ISE Indexing Engine actually do?

Arne Bier
VIP
VIP

Hello

 

I have a case where the Secondary PAN/MnT is showing ISE Indexing Engine 'not running'

 

ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      running          5377
Database Server                        running          120 PROCESSES
Application Server                     running          3007
Profiler Database                      running          31574
ISE Indexing Engine                    not running

I have a fresh ISE 2.4 patch 4 install and combined PAN and MnT in a single node.   I have primary and secondary PAN/MnT.

 

I suspect this error is happening because the customer has not yet been able to create DNS PTR records for their ISE nodes.  This is taking some time but I believe this will be resolved.  Is this the cause of the error on the Secondary MnT node?  BTW, Indexing Engine is running just fine on Primary MnT.  And Indexing is disabled on all PSN's.

 

Questions:

  • what is this service used for and why does it differ depending on which node it runs on?
  • What is the impact of this current state?  Primary seems fine, so why should I care?

 

Once the customer has created the PTR records, do I only need to restart the Secondary MnT node to get rid of this situation?

 

thanks and regards

Arne

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee
  • what is this service used for and why does it differ depending on which node it runs on?

ISE Indexing Engine is used by ISE Context Visibility. It needs running on both ISE admin nodes with Primary PAN as the replication master and Secondary PAN as the replication slave for redundancy.

 

  • What is the impact of this current state?  Primary seems fine, so why should I care?

The current state has no redundancy but the data may recover from a good CFG backup or the endpoint portion by reset and sync from Oracle from ISE admin CLI.

 

Once the customer has created the PTR records, do I only need to restart the Secondary MnT node to get rid of this situation?

 


Yes, please try restarting the secondary PAN. If still not working, please engage Cisco TAC to troubleshoot.

 

View solution in original post

7 Replies 7

Hi Arne,

 

ISE indexing engine service is responsible to check reverse DNS check & used for context visibility.

 

Thanks,

Aravind

-Aravind

Weird name for a service. Why does it work on primary pan but not in secondary? They both use the same dns servers. Makes no sense 

Looking at my 2.4 deployment right now, dedicated admins nodes.  Indexing application is running on both primary and secondary admin, disabled on all other nodes.  

Thanks @Damien Miller - and I suppose you have ptr records for all of your ise nodes?

i don’t understand why ISE even needs that. We just do it because we are told but no explanation. 

Would like some technical explanation from a Cisco BU person. 

I heard that some of the pieces have fqdn in the back end. Obviously must since it doesn't work without DNS. Such an odd departure for Cisco, I'm used to everything being IP based in the call manager world.

We have reverse lookup entires configured, nothing seems to run right without them. Ex context visibility (which hslia just confirmed leverages indexing engine).

hslai
Cisco Employee
Cisco Employee
  • what is this service used for and why does it differ depending on which node it runs on?

ISE Indexing Engine is used by ISE Context Visibility. It needs running on both ISE admin nodes with Primary PAN as the replication master and Secondary PAN as the replication slave for redundancy.

 

  • What is the impact of this current state?  Primary seems fine, so why should I care?

The current state has no redundancy but the data may recover from a good CFG backup or the endpoint portion by reset and sync from Oracle from ISE admin CLI.

 

Once the customer has created the PTR records, do I only need to restart the Secondary MnT node to get rid of this situation?

 


Yes, please try restarting the secondary PAN. If still not working, please engage Cisco TAC to troubleshoot.

 

Romzy
Cisco Employee
Cisco Employee

Great explanation!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: