This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
We are currently having problems to access via Web admin UI to cisco ISE. after we put the password, we get this message on screen:
authentication failed due to zero RBAC group.
The ISE version that we are using is: 126.96.36.199 path 3
Do you have any idea about that?
Thank you for your attention on this matter.
Serveral known issues exist that result in this message. Can I suggest to open a TAC case?
Or go to 1.1.3 patch 1 and re-test.
Looking at the screen shot it seems that you've not configured ISE to use external account from Active Directory. In most of the cases either we need to run the script to fix it temporarily or we need to reimage. I agree with Marcin that this issue calls for TAC case. However, before that if you wish
1.] You can upgrade to ISE 1.1.3 latest patch.
2.] Try to eset the internal admin account to gain GUI access if you have CLI access.
Run 'application reset-passwd ise admin' >> Follow the prompts
- Do rate helpful posts -
Yes, you can. However, it's a good practise to take backup before you upgrade to next version.
- Do rate helpful posts -
Unfortunately I can't do the upgrade, when I try to upgrade from 1.1.2 to 1.1.3 I get this error:
% ERROR: This node is part of an ISE deployment. Please make it a standalone first, then retry upgrade.
error: %post(CSCOcpm-upgrade-1.1.3-124.i386) scriptlet failed, exit status 1
% Application upgrade failed. Please check logs for more details or contact Cisco Technical Assistance Center for support.
I think to install 1.1.4. may solve many issues.
it's look like you have more than 1 ise that act as primary/secondary, so you must make it standalone before you upgrade it...
In Cisco ISE, RBAC policies are simple access control policies that use RBAC concepts to manage admin access. These RBAC policies are formulated to grant permissions to a set of administrators that belong to one or more admin group(s) that restrict or enable access to perform various administrative functions using the user interface menus and admin group data elements. I think there is problem with your RBAC policy configuration. Please follow the below link for help.
I went through your query and found the following link which might help you :-
Thanks for helping but, I can't access the web interface, how could I change the RBAC configurations?
click on the above link and go to Configuring RBAC Permissions .