There is no admin certificate in the secondary ise.

CCC3 · ‎09-13-2023

I checked because it wasn't authenticated with secondary ISE.
The admin certificate was missing.

The exact history of when it ceased to exist is not known.

Are there any similar cases related to this?
You need to check whether you just need to issue an admin certificate to the secondary.

And when I tried to reproduce the symptom, I couldn't forcefully delete the admin certificate.

Is it possible to reproduce the symptoms?

* ISE version : 2.7 patch 4

Milos_Jovanovic · ‎09-19-2023

Hi @CCC3,

Is there a scroll bar somewhere?

I've never seen certificate disappearing. However, I could even imagine that something happens with the certificate for whatever reason. What I can't imagine is that Admin or EAP roles disappear from your ISE node. They must be present to ISE node, which are not visible on your screenshot. You must be able to see those roles, and what certificate is attached to those roles.

Kind regards,

Milos

Marvin Rhoads · ‎09-19-2023

An ISE node should not be able to run without an Admin certificate. If it got corrupted somehow the deployment would not be healthy as inter-node replication requires a trusted certificate on each node for it's Admin functions. I would either rebuild the node or open a TAC case.