cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3684
Views
0
Helpful
6
Replies

Has anyone see an issue with ISE-PIC where the data is successfully comeing into Stealthwatch but the ISE-PIC object under Identity Services has the small red x in the bottom left corner of the object?

schason@cisco.com
Cisco Employee
Cisco Employee
6 Replies 6

euribe007
Cisco Employee
Cisco Employee

Could just be a visual bug if it is actually receiving traffic.  We'll be testing the newest RC of 6.9 and ISE PIC next week and let you know if it still shows the red X.

Okay. For my testing, I'm using Stealthwatch 6.9.0 2017.01.13.2303-0 and ISE 2.2.0.456. Are those not the latest versions of both?

Thanks

rvacher
Cisco Employee
Cisco Employee

Hi Scott,

I got the same issue as you. In SW6.9 Java, ISE PIC is marked red but when I go in the Web UI it is green.

Not really sure why. If someone has some inputs?

Thanks,

Rémi

The SMC calls a REST API on ISE – https://<ise-Ip>/ise/mnt/api/version for 2 purposes:


1) On initial configuration it determines what version of ISE is running to determine how to process certain syslog fields.

2) On-going heart beat to ensure that ISE is still there.


The certificate configuration is to allow the SSL channel to come up (i.e. SMC needs to accept the certificate being presented by ISE; ISE needs to allow the certificate being presented by the SMC)

Prior to ISE 1.3 it was possible to call/leverage this API with a Help Desk User privileged account. However, beginning with ISE 1.3 all REST APIs require SuperAdmin privileges.  Arguably you could disable the account on ISE after initial config, the ISE icon in the SMC swing client will show an error along the lines of “there are communication problems with ISE” but the integration will continue to work as syslog will still arrive at the SMC.


Our fix going forward (beginning with Stealthwatch 6.9) will be to leverage pxGrid for session information instead of syslog.

Chris, I understand the new differences in communication and have all of the connectivity working and see the user data in Stealthwatch, but I still have that red X.

Thanks

Experiencing this problem on a number of occasions due to upgrades and whatnot. Our fix is always to check the certificates to ensure matching  and validate the userID / password between the two devices. Both have broken the connection (red x) May need to "jumpstart" again by walking through the configuration on Stealthwatch.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: