Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
973
Views
0
Helpful
2
Replies

ISE Secondary PAN Node not showing live logs from PSN Node

brazju
Level 1
Level 1

‎11-24-2022 08:02 AM

Version 3.1.0.518 Patch 3, MnT currently running on the same node as the PAN

Cisco ISE live logs missing authentication for secondary PAN node. As a result, we cannot see any device in the live logs or live sessions that authenticate via the secondary ISE node in DC2. 

We recently enabled SXP to allow SGT info from ISE to FMC and rebooted ISE for slowness but no other changes. Any insight is helpful.

 

1 person had this problem
0 Helpful
2 Replies 2

ammahend
VIP
VIP

‎11-24-2022 08:47 AM

it doesn't make much sense, can you clearly state how your primary pan &mnt, secondary pan &mnt and psns are configured and distributes across 2 DC.

you only see live logs on primary pan, unless primary fails and you promote secondary as primary. 

-hope this helps-
0 Helpful

Milos_Jovanovic
VIP Alumni
VIP Alumni

‎11-24-2022 10:24 AM

Hi @brazju,

For detailed understanding, we need to understand the setup, as @ammahend explained. I would assume that secondary PAN is actually primary MnT.

Out of the sky, I would say try to go to Administraton / System / Logging / Log Settings, and try to disable ISE Messaging Settings. If that helps, and you start seeing logs, that means that you have issue with ISE Messaging certificates.

Kind regards,

Milos

0 Helpful
Customers Also Viewed These Support Documents