Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2446
Views
0
Helpful
4
Replies

Cisco Prime Infrastructure 2.1 can't add Cisco ISE 1.2 to "External Management Servers"

Shahin Suleymanov
Level 1
Level 1

‎03-18-2015 11:47 AM

Hi all,

 

I'm trying to add Ciso ISE 1.2 (1.2.0.899 with version 13 patch) servers (primary and secondary) as "External Management Servers" in Cisco PI 2.1 (2.1.0.0.87) but there appears such message indicating that ISE server is not reachable: 

 

The weird thing is that ISE servers are reachable from PI and vice-versa (I can ping each other from their CLIs)

There were added ISE servers to PI long ago (primary and secondary ISE) and then secondary was deleted from PI. Primary ISE still persists in PI but its status is unreachable:

But I can see info about wired clients authenticating on the switchs (NADs for ISE) - weird, status is unreachable but client info is being received from ISE.

 

I tried application stop NCS/application start NCS on PI and application stop ise/application start ise on ISE - no success for that issue.

 

So I can't find a way to solve that weird issue, maybe you can help me find out the cause of such things. Thanks. 

 

 

 

 

 

 

 

 

 

 

1 person had this problem
Labels:
0 Helpful
4 Replies 4

ramkris2
Cisco Employee
Cisco Employee

‎03-18-2015 02:55 PM

Shahin,

I would suggest installing PI 2.1.2 patch & then trying to add the ISE.

Also, few more points:

--The ISE server must be reachable using its fully qualified domain name.

--The username and password used on this page must be a superuser that is configured locally on the ISE server.

--The superuser credentials are only configured on ISE and do not need to be configured in PI.

--The superuser credentials must be configured locally within ISE (external accounts like active directory aren't supported for adding ISE to PI).

Ram

0 Helpful

Shahin Suleymanov
Level 1
Level 1
In response to ramkris2

‎03-28-2015 09:28 PM

Hi all,

Finally I've fixed it. First I installed PI 2.1.2 patch which had no effect, then I installed Device Packages Update 8.0 which had no effect either, and after installing "ISE 1.3 Support on PI 2.1.2" patch I was able to add ISE servers to PI with success. So "ISE 1.3 Support on PI 2.1.2" patch has resolved the issue despite ISE servers are running version 1.2.0.899.

 

0 Helpful

Ashok Kumar
Cisco Employee
Cisco Employee

‎03-21-2015 01:22 AM

Hi,

-- Please Go to Administration > Logging > set the Message level to TRACE > Click save
-- Then try to add the ISE.
-- Once it fails, collect the logs from Administration > Logging > 

check the "ncs-0-0.log"  & search the file for "ERROR" & paste the results here. This will give us exact reason.


- Ashok

******************************************************************************************************

Please rate the post or mark as correct answer as it will help others looking for similar information

******************************************************************************************************

0 Helpful

timbarnhart
Level 1
Level 1

‎03-25-2015 06:55 PM

I am having the same issue currently.  I can add my lab single node ISE to Prime, but when I try to add my distributed production ISE I get the same error.

0 Helpful
Customers Also Viewed These Support Documents