It seems our Internal CA is unable to start because of a missing keystore password file. We tried disabling/enabling the Internal CA which did not help. We'd like to regenerate the Internal CA certificate, but we are getting a "No message defined" error, presumably because the CA service is not running properly. Anyone know of a way to force ISE to generate the missing file?
I see a similar issue being reported after an internal search and a DDTS was opened:
CSCus54289 OCSP Services not running and Internal CA certs missing post 1.3 upgrade
Workaround- Reimage the device with 1.3 and that resolved the issue.
Note: Please mark answers if they are helpful.
Thank you for the response Kanwal, but I sure want to avoid reimaging the device. Our deployment is pretty large, and would cause quite a disruption in service. I'm pursuing a couple of different avenues ATM, but that bug number will be a helpful reference. I will post something back if I find a successful alternative.
We were able to fix this after some conversation between our Solution Architect and a BU engineer, without re-imaging the device. At a high level: