About joe_lizzi

joe_lizzi · 03-04-2020

I have an interesting issue on one of my ISE 2.4 (Patch 11) nodes. It has somehow managed to get two separate certs assigned to the "Default Portal Certificate Group". For example: Name: portal-ssl-1.ise Use: Portal Portal group tag: Default ...

joe_lizzi · 11-26-2019

We just discovered this bug when trying to add new PSNs to our existing rollout. It took a couple of days to figure out why, despite the appropriate permissions for the AD user and the exact OU string, the Join command kept failing with "Access Denie...

joe_lizzi · 07-24-2019

I am attempting to get the Profiler FeedService working in our ISE (2.4, Patch 9) deployment, but it keeps returning a non-helpful "null" error whenever I test it:Test result: Failure: FeedService test connection failed : Feed Service error : null **...

joe_lizzi · 05-07-2019

Hello, We're setting up a fully-distributed 2.4 ISE cluster across 3 datacenters. 2 of the DCs will have PAN and MnT nodes (primary/secondary, of course), and all 3 DCs will have at least 2 PSNs each. The PSNs are being load-balanced behind F5s. Th...

joe_lizzi · 03-05-2020

Okay, looks like it's really stuck in a weird way. It let me assign the self-signed cert to the Portal, but it only took the role away from "portal-ssl-1", leaving "portal-ssl-2" and the self-signed cert assigned to Default Portal duty. I'll either c...

joe_lizzi · 07-30-2019

We just ran into a similar problem, using ISE 2.4. After experimenting and playing around, it's seems to be a bug in how ISE sometimes handles Root Groups that used to have sub-groups and devices assigned - it doesn't always (behind the scenes) remov...

joe_lizzi · 07-24-2019

It's contacting ise.cisco.com (208.90.58.30), on port 8443, as one might expect. The problem, of course, is that I can't actually see what data errors are being passed back, since everything is encrypted. But it's definitely talking to the remote pro...

joe_lizzi · 05-08-2019

Thank you for the calculator link and the information. I know about the split-interface stuff, that's the way it's configured now, but we were trying to avoid the mess with static routes and other things that it entails. Based on some prelim numbers ...

Member Since	‎08-28-2018 06:49 AM
Date Last Visited	‎03-24-2023 12:03 AM
Posts	8
Total Helpful Votes Received	5

User Statistics

User Activity

ISE 2.4 Stuck "Default Portal Cetificate Group" certs

CSCvq86921 - ISE ignores the organizational unit parameter while joining to Active Directory

Error connecting to ISE Profiler Feed

Amount of expected cross-traffic between ISE nodes

Re: ISE 2.4 Stuck "Default Portal Cetificate Group" certs

Re: ISE Device Admin - Network Device Groups

Re: Error connecting to ISE Profiler Feed

Re: Amount of expected cross-traffic between ISE nodes