Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6903
Views
13
Helpful
7
Replies

ISE 3.0 No live logs on install in cluster

JonathanC1
Level 1
Level 1

‎10-17-2021 09:32 AM

Hello all, I've setup a new distributed deployment with dedicated PAN, maintenance and policy nodes today. I've got radius & tacacs auth and authorisation working but there are no logs - live logs also in operations menu nothing is appearing. The deployment is all green, and the logging locations look OK. Is there any further troubleshooting anyone can recommend. Or something maybe missed?

Warm Regards J

 

 

 

 

 

1 person had this problem
Labels:
0 Helpful
7 Replies 7

Milos_Jovanovic
VIP Alumni
VIP Alumni

‎10-17-2021 10:42 PM

Hi @JonathanC1,

I would assume that you are facing issue with ISE Messaging Service. Do you see alarms "Queue Link Error" on initial dashboard?

Also, try deactivating ISE Messaging Service under Administration / System / Logging, and see if your logs are there after this action. If your logs are appearing after this action, then you are indeed hitting an issue with ISE Messaging Service, and see this post in order to resolve it.

BR,

Milos

JonathanC1
Level 1
Level 1
In response to Milos_Jovanovic

‎10-18-2021 01:25 AM

Hi Milos,

 

Yes we are getting queue link error on the dashboard & have tried to add more ports from FW documentation. This looks like it is thank you will check it out.

 

Thank you

J

0 Helpful

Mike.Cifelli
VIP Alumni
VIP Alumni

‎02-08-2022 04:19 AM

I have seen this bug in 2.7 versions and most recently with ISE 3.0p5:

Queue Link Bug
---------
The workaround is:
1.- Regenerate ISE Root CA
2.- Regenerate ISE Messaging service Certificate.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr40715

ChuckMcF
Level 1
Level 1

‎04-03-2023 08:25 AM

Minor update: This issue still exists in ISE 3.1P5. The solution suggested by @Mike.Cifelli worked perfectly to resolve the issue.

Thanks,

ChuckMcF

kdurai12
Level 1
Level 1

‎11-14-2023 12:34 AM

I have the same issue, I have regenerated the ISE messaging certificate for that PSN, but still the issue remains.. 

Question:

If I regenerate the ISE Root CA certificate, will there be any service affected with PSN authentication and Sync between PAN and PSN  ?

0 Helpful

kdurai12
Level 1
Level 1
In response to kdurai12

‎11-15-2023 05:56 AM

Any help ?

0 Helpful

ChuckMcF
Level 1
Level 1

‎11-15-2023 06:10 AM

It's been well over a year and a few revisions since I did this, so the details are a bit foggy. I don't remember there being any issues, though. Best suggestion would be to set up a call with TAC.

0 Helpful
Customers Also Viewed These Support Documents