Secondary ISE cannot join the primary node with error message

Answered Question
Aug 17th, 2012

Hi,

I have just installed the secondary ISE and did the followings, but when I try to join the primary node, I received the Cannot authenticate the primary ISE, please check the server or certificate and try again.

- promote the secondary from standalone to primary

- export self cert from the seconary

- import the cert to the primary

- try to add not on the secondary used both IP and host name with super admin user

One thing I have noticed that the instruction on the ISE 1.1.1 import cert on primary section mentioned:

  1. Choose Administration > System > Certificates.
  2. From the Certificate Operations navigation pane on the left, click Certificate Authority Certificates.

but the Certificat Authority Certificates does not exist on the left pane. I choosed Certificate store instead

ise.png

any suggestions?

I have this problem too.
0 votes
Correct Answer by Tarik Admani about 1 year 8 months ago

Hi,

Did you set the secondary node to primary? You may have tried to register the node in the wrong direction. For a node to register with the primary node, the registration request must be initiated from the primary node.

Thanks,

Tarik Admani
*Please rate helpful posts*

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)
edondurguti Fri, 08/17/2012 - 08:37

I've seen that order to be different on the cert guide aswell.

Make sure that the admin password matches

songchunmu Fri, 08/17/2012 - 08:39

Yes. Admin password is match. I have also tested to using a different super admin user created on both system. none of them working

edondurguti Fri, 08/17/2012 - 08:41

do you have both certs on the primary node as of right now?

if you go to

Administration > System > Certificates

choose Certificate Store

what do you see there?

.

songchunmu Fri, 08/17/2012 - 08:44

Yes. I have two certs there, one is local/primary the other one is imported from the secondary

songchunmu Fri, 08/17/2012 - 08:54

I tried to add the cert from primary and imported it into the secondary. Run add note again, get different error:

Unable to register primary_host. Node is not a Standalone node.

Correct Answer
Tarik Admani Fri, 08/17/2012 - 08:58

Hi,

Did you set the secondary node to primary? You may have tried to register the node in the wrong direction. For a node to register with the primary node, the registration request must be initiated from the primary node.

Thanks,

Tarik Admani
*Please rate helpful posts*

Actions

Login or Register to take actions

This Discussion

Posted August 17, 2012 at 8:20 AM
Stats:
Replies:8 Avg. Rating:5
Views:1225 Votes:0
Shares:0

Related Content

Discussions Leaderboard