Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3555
Views
24
Helpful
3
Replies

What happens when ISE Primary Admin node (and Secondary Admin node) are down?

Go to solution
dazza_johnson
Level 5
Level 5

‎09-06-2017 07:08 PM

Hey there, first of all a quick acknowledgement that of course you make sure the ISE Admin nodes are highly available.....

However, what actually fails if both the Primary Admin node (and Secondary Admin node) are offline for say 15 minutes? In my (non-scientific) test when I rebooted the Primary Admin node (and Secondary Admin node) the authentications to the PSNs continued to work from what the users told me.


My initial conclusion is that you lose the ability to manage the ISE deployment (configure or monitor it) but that the authentications continue to work. This seems too simplisitic, is there anything official on this as to what works/doesn't work when the Primary Admin node (and Secondary Admin node) are down?


Thanks

DJ

1 Accepted Solution

Accepted Solutions

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎09-07-2017 05:01 AM

If both Admin Nodes are down, the services affected are (I know the table states the Primary is down and the secondary has yet to take over.  In this situation, both nodes are effectively down):

AdminDown.PNG

Cisco Identity Services Engine Administrator Guide, Release 2.3 - Set Up Cisco ISE in a Distributed Environment [Cisco …

View solution in original post

3 Replies 3

Go to solution
Charlie Moreton
Cisco Employee
Cisco Employee

‎09-07-2017 05:01 AM

If both Admin Nodes are down, the services affected are (I know the table states the Primary is down and the secondary has yet to take over.  In this situation, both nodes are effectively down):

AdminDown.PNG

Cisco Identity Services Engine Administrator Guide, Release 2.3 - Set Up Cisco ISE in a Distributed Environment [Cisco …

Go to solution
felipesanchezº
Level 1
Level 1
In response to Charlie Moreton

‎04-08-2020 05:38 PM

Hi,

What happens when both nodes still down. How can I recover the admin services in the deployment?

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to felipesanchezº

‎04-08-2020 11:12 PM

If both the Primary and Secondary PAN fail and are un-recoverable, you would need to rebuild them (if hardware failures, it would require opening a TAC case for an RMA) and restore from the most recent Configuration Backup.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents