Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4807
Views
0
Helpful
8
Replies

NODE-NOT-REACHABLE on ISE

Kashish_Patel
Level 2
Level 2

‎03-10-2013 11:41 AM - edited ‎03-10-2019 08:10 PM

Primary ISE node (Serving Admin and Monitor personas) is showing two of the PSNs as "NODE-NOT-REACHABLE" under Replication Status on Deployment page on GUI. It can ping the PSNs and PSNs are actually registered to the Primary admin/monitor node. How can I fix this?

Thanks,

Kashish

1 person had this problem
Labels:
0 Helpful
8 Replies 8

Tarik Admani
VIP Alumni
VIP Alumni

‎03-10-2013 01:31 PM

How does DNS look when resolving all the hosts. Download a support bundle from the administration node and check the ise-psc.log files.

Thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful

nspasov
Cisco Employee
Cisco Employee

‎03-10-2013 08:40 PM

In addition to Tarik's recommendation, can you also tell us if you have a firewall(s) between the different nodes? If yes, do you have the appropriate ports opened?

0 Helpful

Kashish_Patel
Level 2
Level 2
In response to nspasov

‎03-10-2013 10:27 PM

Neno,

There is no firewall in between. This was working fine all this while and was observed only recently. The effect of this is that a config change done on primary admin/monitor node is not getting reflected on the PSNs.

Thanks,

Ritika

0 Helpful

Venkatesh Attuluri
Cisco Employee
Cisco Employee

‎06-24-2013 06:24 AM

For out of sync issues, which most likely are due to time changes or NTP  sync

issues, you must correct the system time and perform a manual sync up  through

the UI.

• For certificate expiry issues, you must install a valid  certificate and perform a

manual sync up through the UI.

• For a node that  has been down for more than six hours, you must restart the node,

check for  connectivity issues, and perform a manual sync up through the  UI

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni
In response to Venkatesh Attuluri

‎06-24-2013 07:07 AM

kashish,

What version are you currently on, I am seeing this behavior on an ise 1.1.4 environment after doing failover testing.

Tarik Admani
*Please rate helpful posts*

0 Helpful

Kashish_Patel
Level 2
Level 2
In response to Tarik Admani

‎06-24-2013 08:56 AM

Not 1.1.4..I think we saw this on 1.1.1.xxx

0 Helpful

myanuary
Level 1
Level 1
In response to Kashish_Patel

‎07-05-2013 12:38 AM

have you try de-register and then register again ??

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni

‎07-06-2013 04:56 PM

Hi,

I found the issue on ny network and it was due to a different dns record.

Simple way to check is issuing a dns lookup from admin node cli of the problem node. Then repeat from problem node attempting to resolve admin node.

Then if that looks good you can issue the command on both nodes...

Show logging application ise tail,

That output should give you a listing of the nodes in the ise deployment and the ip addresses of each node.

Thanks.


Sent from Cisco Technical Support Android App

0 Helpful
Customers Also Viewed These Support Documents