08-28-2013 12:32 AM - edited 03-10-2019 08:49 PM
What is up with No Response from ISE Node ??
Even though it sounds like the PSN node can't communicate with AD, it does authenticate and retrieving Groups, and attrbitues.
How can I fix this ?
why is it saying 'No Response from ISE Node ?
09-30-2013 04:39 PM
Where exactly do you see the error message, when checking the AD connectivity? Please send me a screenshot showing the error.
Can you send me a screenshot from Administration > System > Deployment?
Most likely this would be a certificate issue in your case as well but we need to confirm that.
~BR
Jatin Katyal
**Do rate helpful posts**
09-30-2013 06:23 PM
Team,
I ran into the same issue and found that it was related to the cert that was installed before 1.2. Basically my customer was using a SAN cert which was created by openssl. In our scenario we did not run into any issues with the cert during the upgrade, however we found that when we reset the db on one of the PSNs and then restored the cert from the 1.1.x instance of the same node, we then saw the cert error.
If you are using a cert that had SAN where one of the dns hostnames is not equal to the CN then you will have to regenerate and re-install the cert. That was what caused my issue in my upgrade and I am working with TAC to have a bug raised for this.
@Jatin - the ISE node unavailable message in the original post was the AD settings, which doesnt add up because there is no cert validate for joining AD.
Thanks,
Tarik Admani
*Please rate helpful posts*
09-30-2013 11:45 PM
Hello,
In my case, I never used 1.1 and always used 1.2 since the very beginning. I don't use SAN certificates and I don't OpenCL so I don't really know what is going on.
David
10-01-2013 08:43 AM
10-01-2013 08:59 AM
Here is one workaround and bug for the users that are having problems associating the other nodes this doesnt fix all cases where a single node deployment exists. Also you may want to see if opening a tac case could resolve this issue.
Tarik Admani
*Please rate helpful posts*
10-03-2013 06:45 PM
It looks like connectivity issue or the NTP server is not synchronized.
10-03-2013 07:12 PM
Wouldn't you expect a different error, it seems if ntp is off you would see "joined but not connected..etc".
Thanks,
Tarik Admani
*Please rate helpful posts*
12-20-2013 09:17 PM
I had this problem in my lab environment too. To solve it I did the following:
My ISE version is 1.2 with patch version 2. The test AD is a Windows Server 2008 R2 with the same schema version.
To join the ISE to the domain I used an Administrator Domain user.
Hope it helps
Regards,
Jaime
01-28-2014 05:44 AM
Hi All,
I am currently seeing this issue on a brand new installed ISE 1.2 node. It is currently in standalone mode and presenting this error when trying to join to Active Directory. There is no firewall in the path, NTP is synchronized, and we have tested with self-assigned and enterprise issues certificates (the CA certs were also installed on the server).
I haven't installed any of the patches, yet. I was hoping to wait until the servers were joined together in deployment. I will try that and see how it turns out. But, I don't that bug as being fixed in a patch.. will update with progress.
Has anyone else seen any progress on this issue?
Thanks,
Ryan
02-04-2014 09:37 AM
Hi, someone that found the solution please could comment us.
Best Regars
Harold Figueroa
02-04-2014 09:39 AM
Harold,
For my issue, it turned out to be something was corrupted in the AD components during install. The servers I was having this issue on were freshly installed. I was able to resolve the issue by reinstalling ISE.
This is most likely because I was restricted to installed to a VM via a client CD ROM over the network. There was lots of room for error in the data transmission.
Good luck,
Ryan
07-29-2014 02:17 AM
Dear All,
After changing domain in my environment I ran into the same problem. After it I generated another valid certificate for this new FQDN I set it to be used for EAP and HTTPS.
After it the issue is resolved.
Regards,
Miki
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: