A good start would be to login to the cli and issue a "show logging application ise tail" and see if there are any errors. Next I would try issuing a test aaa authentication from one of you network devices and point it to this PSNs ip address.
I would also check the "show application status ise" and compare it to the status of the psn that does work.
The full replication is running fine without error.
I saw that on my primary administration server, I have the status of all my deployment. And it shows the following:
- the first ISE server I added to the cluster has the "services" field to All
- the new ISE server I added to the cluster has the "services" field to "SESSION".
If I click on it, I can indeed see that the Profiler Service is not ticked, only the Session is ticked. However, when I registered my new server, I am 100% sure to have ticked the Profiler and the Session services, because I did it twice already.
However, I cannot tick it now because the option is grayed out.
I try that by also resetting the database then I registered the node. I observe the following.
When I register the node I take care to tick the box the Session service and the Profiler service. Then the services restart on my box and all sync, the server appears on my primary ISE and displays that there is only the Session service. I cannot edit it as the Profiler service is grayed out.
I don't know if that's the issue or not but this did not happen on my other PSN that I could successfully register...
Thanks to Cisco TAC, we could solve the issue. I had exported the configuration from ACS to ISE using the Cisco MigTool. There was 1 item that ISE could not interpret correctly, the LDAP NAC Profiler. We removed that item and rebooted all ISE nodes, and it worked perfectly on all nodes !
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...