Cisco Community
English
Register
LEARN MORE about Cisco's cybersecurity announcements this week
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1875
Views
0
Helpful
16
Replies
Highlighted
martyn.rees
martyn.rees Enthusiast
Enthusiast
‎08-16-2012 04:53 AM
‎08-16-2012 04:53 AM

ISE 1.1.1 High CPU usage

Has anyone had any problems with high CPU usage when ISE is under very minimal load, especially in the middle of the night?

At the moment there are max 10 wireless clients connected at any one time, but none overnight, yet the CPU sits around 90% all of the time.

The ISE in question is a VM, and has 4GB RAM, and 2 CPU's allocated. It is a stand alone system, and is only being used for wireless auth.

I haven't been able to find much in the way of being able to track which process is consuming CPU time, so it's hard to know exactly what is the cause, and where to look to resolve.

Labels:
Everyone's tags (2)
0 Helpful
Reply
16 REPLIES 16
Tarik Admani
Tarik Admani Advocate
Advocate
‎08-16-2012 08:30 AM
‎08-16-2012 08:30 AM

ISE 1.1.1 High CPU usage

Do you have the automatic updates configured for the client provisioning setting? Try disabling the automatic updates:

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_client_prov.html#wpxref43943

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani
*Please rate helpful posts*
0 Helpful
Reply
martyn.rees
martyn.rees Enthusiast
Enthusiast
‎08-16-2012 05:59 PM
‎08-16-2012 05:59 PM

ISE 1.1.1 High CPU usage

Automatic updates for the client provisioning is disabled, as is posture updates.

0 Helpful
Reply
Tarik Admani
Tarik Admani Advocate
Advocate
‎08-16-2012 07:45 PM
‎08-16-2012 07:45 PM

ISE 1.1.1 High CPU usage

Do you have all the probes turned on? Can you disable any unused probes if they are enabled. I can try looking at a support bundle for you or you can have tac do this.

Thanks,

Tarik Admani

Tarik Admani
*Please rate helpful posts*
0 Helpful
Reply
martyn.rees
martyn.rees Enthusiast
Enthusiast
‎08-16-2012 07:49 PM
‎08-16-2012 07:49 PM

ISE 1.1.1 High CPU usage

There are only three probes enabled at the moment, RADIUS, NMAP, and DNS.

0 Helpful
Reply
Tarik Admani
Tarik Admani Advocate
Advocate
‎08-16-2012 10:59 PM
‎08-16-2012 10:59 PM

ISE 1.1.1 High CPU usage

I am curious to see if the nmap probe is causing this issue, can you see if disabling this will bring the cpu utilization down? If it does or doesnt I would suggest opening a tac case, they should be able to look into your virtual machine a little deeper.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani
*Please rate helpful posts*
0 Helpful
Reply
gschmitt.ngit
gschmitt.ngit Beginner
Beginner
‎09-30-2012 10:01 AM
‎09-30-2012 10:01 AM

ISE 1.1.1 High CPU usage

Have you installed patch 2? One of the reasons for the issue of this patch was to address this issue and data base replication.

Cheers

0 Helpful
Reply
martyn.rees
martyn.rees Enthusiast
Enthusiast
‎10-01-2012 05:09 PM
‎10-01-2012 05:09 PM

ISE 1.1.1 High CPU usage

Yep Patch 2 has been applied, but didn't have any effect on the issue. Also as I mentioned in the original post this is a stand alone system, so there wouldn't be any replication to other members.

0 Helpful
Reply
Tarik Admani
Tarik Admani Advocate
Advocate
‎10-01-2012 05:24 PM
‎10-01-2012 05:24 PM

Re:ISE 1.1.1 High CPU usage

Is this a virtual machine if so is this local or san storage?

Sent from Cisco Technical Support Android App

Tarik Admani
*Please rate helpful posts*
0 Helpful
Reply
martyn.rees
martyn.rees Enthusiast
Enthusiast
‎10-01-2012 05:25 PM
‎10-01-2012 05:25 PM

Re:ISE 1.1.1 High CPU usage

Yes it is a VM, and it is running on SAN storage, as the VM host is a blade server.

0 Helpful
Reply
Tarik Admani
Tarik Admani Advocate
Advocate
‎10-01-2012 05:28 PM
‎10-01-2012 05:28 PM

Re:ISE 1.1.1 High CPU usage

Blade storage is that iscsi? Was it originally provisioned for 60gb and the remaining provisioned after?

Sent from Cisco Technical Support Android App

Tarik Admani
*Please rate helpful posts*
0 Helpful
Reply
martyn.rees
martyn.rees Enthusiast
Enthusiast
‎10-01-2012 05:30 PM
‎10-01-2012 05:30 PM

Re:ISE 1.1.1 High CPU usage

It is a fibre channel SAN connectivity, and was provisioned from the start with 400GB storage.

cheers

0 Helpful
Reply
Tarik Admani
Tarik Admani Advocate
Advocate
‎10-01-2012 05:34 PM
‎10-01-2012 05:34 PM

Re:ISE 1.1.1 High CPU usage

Your best bet is to open a tac case to have them take a look. Also you might want to try to rebuild the virtual machine from scratch and monitor again.

Thanks.

Sent from Cisco Technical Support Android App

Tarik Admani
*Please rate helpful posts*
0 Helpful
Reply
martyn.rees
martyn.rees Enthusiast
Enthusiast
‎10-01-2012 05:36 PM
‎10-01-2012 05:36 PM

Re:ISE 1.1.1 High CPU usage

Yep have got a TAC case under way, but it is slow to work through. At the moment it looks like the profiler service is the cause, but it is yet to be confirmed.

cheers

0 Helpful
Reply
andypenning
andypenning Enthusiast
Enthusiast
‎10-02-2012 07:05 PM
‎10-02-2012 07:05 PM

ISE 1.1.1 High CPU usage

Martyn, if you get a resolution please let us know. I'm having a similar issue. thanks!

0 Helpful
Reply
Latest Contents
How to find/get the registration key from FTD
Created by Eahwar34 on 12-06-2019 03:14 AM
0
0
0
0
We are in need of finding registration key used for our FTD , unfortunately we have forget the key and also it is encrypted . How to find the key from FTD ?
ISE My Devices & Sponsor Portal as a User Change Password Po...
Created by Jason Kunst on 12-05-2019 10:24 AM
0
0
0
0
This is to address those customers coming to ISE from ACS or new to ISE that need a password change portal (UCP) What are the licensing requirements for this solution? My Devices - For using the password change with My Devices you need plus licenses as ... view more
WHITEPAPER - Firepower Threat Defense Cloud Management with ...
Created by Marvin Rhoads on 11-29-2019 07:57 PM
0
10
0
10
  Overview   In this paper we will document the configuration and operation of an integrated solution that includes identity management, firewall, cloud-based management, and cloud-based logging. We will use the following Cisco products: Fu... view more
How Does Cisco Defense Orchestrator Manage Firepower Threat ...
Created by suhegade on 11-26-2019 09:06 PM
0
0
0
0
These days everything is in the cloud. We all know that Cisco Firepower Threat Defense (FTD) is a unified software image, which includes the Cisco ASA features and FirePOWER Services. Using Cisco Defense Orchestrator (CDO), you can manage physical or virt... view more
How Does Cisco Defense Orchestrator Manage Adaptive Security...
Created by suhegade on 11-26-2019 09:03 PM
0
10
0
10
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that provides a simple, consistent, and highly secure way of managing security policies on all your ASA devices. CDO helps you optimize your ASA environment by identifying problems wi... view more
CreatePlease to create content
Discussion
Blog
Document
Video