cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1046
Views
17
Helpful
3
Replies
Highlighted
Contributor

What happens when ISE Primary Admin node (and Secondary Admin node) are down?

Hey there, first of all a quick acknowledgement that of course you make sure the ISE Admin nodes are highly available.....

However, what actually fails if both the Primary Admin node (and Secondary Admin node) are offline for say 15 minutes? In my (non-scientific) test when I rebooted the Primary Admin node (and Secondary Admin node) the authentications to the PSNs continued to work from what the users told me.


My initial conclusion is that you lose the ability to manage the ISE deployment (configure or monitor it) but that the authentications continue to work. This seems too simplisitic, is there anything official on this as to what works/doesn't work when the Primary Admin node (and Secondary Admin node) are down?


Thanks

DJ

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: What happens when ISE Primary Admin node (and Secondary Admin node) are down?

If both Admin Nodes are down, the services affected are (I know the table states the Primary is down and the secondary has yet to take over.  In this situation, both nodes are effectively down):

AdminDown.PNG

Cisco Identity Services Engine Administrator Guide, Release 2.3 - Set Up Cisco ISE in a Distributed Environment [Cisco …

View solution in original post

3 REPLIES 3
Highlighted
Cisco Employee

Re: What happens when ISE Primary Admin node (and Secondary Admin node) are down?

If both Admin Nodes are down, the services affected are (I know the table states the Primary is down and the secondary has yet to take over.  In this situation, both nodes are effectively down):

AdminDown.PNG

Cisco Identity Services Engine Administrator Guide, Release 2.3 - Set Up Cisco ISE in a Distributed Environment [Cisco …

View solution in original post

Highlighted

Re: What happens when ISE Primary Admin node (and Secondary Admin node) are down?

Hi,

What happens when both nodes still down. How can I recover the admin services in the deployment?

Highlighted
Cisco Employee

Re: What happens when ISE Primary Admin node (and Secondary Admin node) are down?

If both the Primary and Secondary PAN fail and are un-recoverable, you would need to rebuild them (if hardware failures, it would require opening a TAC case for an RMA) and restore from the most recent Configuration Backup.