Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
238
Views
0
Helpful
3
Replies

Cisco ISE 1.4 HA Setup

aslam.bajwa
Level 3
Level 3

‎06-27-2015 01:01 PM - edited ‎03-10-2019 10:51 PM

Hi All , 

 

i have Cisco ISE 1.4 Appliances , i facing Error while configuring Failover . i have attached the Error Sreenshot.

 

Please Advise . 

 

 

Labels:
Preview file
31 KB
0 Helpful
3 Replies 3

nspasov
Cisco Employee
Cisco Employee

‎06-27-2015 02:20 PM

This error indicates that the servers do not trust the Certificate Authority that issued the ISE server certificates. If you are using certificates that were issued by a public CA (GoDaddy, VeriSign, etc) then you will need to import the root CA certificate in the trusted certificate stores in ISE.

If you are using self-signed certificates then you will need to:

1. Export the certificate from the secondary node (that you are trying to join)

2. Import it in the "Trusted Certificates" store in your primary node

3. Check the box that says "Trust for authentication within ISE"

4. Try to join the secondary node again. 

 

Thank you for rating helpful posts!

0 Helpful

aslam.bajwa
Level 3
Level 3
In response to nspasov

‎06-27-2015 04:34 PM

Thanks Neno , 

 

i will apply the workaround you have mentioned and will be able to update you after 2 days . 

 

many thanks 

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to aslam.bajwa

‎06-27-2015 06:42 PM

No problem. Let us know how it goes. Here are a couple of links from Cisco with the exact information needed:

Certificate Export/Import Process for HA:

http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guide_14_chapter_01000.html#task_9224A3D0555C42E3A5C7FFE6D3D2D174

 

Setting up Distributed Deployment:

http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/admin_guide/b_ise_admin_guide_14/b_ise_admin_guide_14_chapter_011.html

 

Thank you for rating helpful posts!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents