Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ISE 1.2 Posture Update Issue

In ISE 1.2 below message is showing when we do a web posture update either manual or automatic.

"Remote address is not accessible. Please make sure update feed url, proxy address and proxy port are properly configured".

It was working fine for long time and all of a sudden it stopped working
and no changes have made on the network side.
https://www.cisco.com/web/secure/pmbu/posture-update.xml is working in the browser.

Few customers had reported the same. Boxes are installed with latest patch version 7.

We can upload the updates through offline mode.

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

I have experienced the same

I have experienced the same issue. Both the posture update feed URLs 

1. https://www.cisco.com/web/secure/pmbu/posture-update.xml

2. https://www.perfigo.com/ise/posture-update.xml

give the same error, when the ISE boxes try to do the updates. But these URLs are accessible from outside.

A TCP dump taken from a box shows as "Certificate unkown Alert " (when it tries to update) for the received certificate from the other end. Then the ISE box sends a (FIN,ACK) and terminates the session.

The relevant pcap file is attached

3 REPLIES
Community Member

I have experienced the same

I have experienced the same issue. Both the posture update feed URLs 

1. https://www.cisco.com/web/secure/pmbu/posture-update.xml

2. https://www.perfigo.com/ise/posture-update.xml

give the same error, when the ISE boxes try to do the updates. But these URLs are accessible from outside.

A TCP dump taken from a box shows as "Certificate unkown Alert " (when it tries to update) for the received certificate from the other end. Then the ISE box sends a (FIN,ACK) and terminates the session.

The relevant pcap file is attached

Community Member

Recently I had the same issue

Recently I had the same issue. The dump clearly indicates a problem with a certificate, so I was able to fix it re-enabling all the factory certificates in the Certificate Store.

First I tried re-enabling one by one, but as I got the same result I tried re-enabling all of them at the same time

 

Regards.

Community Member

I had the same issue on ISE 1

I had the same issue on ISE 1.3 and 1.4 just now.

I resolved it by adding the Root CA (Geotrust) into the trusted certificates. I had to put the URL in my browser to determine who had issued the cert in the first place, then went to their website to get it, since it wasn't in the ISE to begin with. 

1178
Views
5
Helpful
3
Replies
CreatePlease to create content