08-18-2015 11:24 AM - edited 03-10-2019 10:59 PM
It seems our Internal CA is unable to start because of a missing keystore password file. We tried disabling/enabling the Internal CA which did not help. We'd like to regenerate the Internal CA certificate, but we are getting a "No message defined" error, presumably because the CA service is not running properly. Anyone know of a way to force ISE to generate the missing file?
08-18-2015 12:12 PM
Hi Scott,
I see a similar issue being reported after an internal search and a DDTS was opened:
CSCus54289 OCSP Services not running and Internal CA certs missing post 1.3 upgrade
Workaround- Reimage the device with 1.3 and that resolved the issue.
Regards,
Kanwal
Note: Please mark answers if they are helpful.
08-19-2015 06:14 AM
Thank you for the response Kanwal, but I sure want to avoid reimaging the device. Our deployment is pretty large, and would cause quite a disruption in service. I'm pursuing a couple of different avenues ATM, but that bug number will be a helpful reference. I will post something back if I find a successful alternative.
08-19-2015 11:28 AM
We were able to fix this after some conversation between our Solution Architect and a BU engineer, without re-imaging the device. At a high level:
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: