ISE 3315 show application status ise taking so long

Similar Messages

• SHA-256 on ISE 3315 ?

  Is it possible to possible to use SHA2-256 certificates with an installed ISE 3315 ?
  I have no experience with those systems.
  Version information of installed applications
  Cisco Identity Services Engine
  Version     : 1.1.2.145
  Build Date   : Fri Oct 26 21:10:35 2012
  NAME: "ISE-3315-K9       chassis", DESCR: "ISE-3315-K9       chassis"
  PID: ISE-3315-K9       , VID: V01 ,
  Total RAM Memory: 4018932 kB
  CPU Core Count: 4
  CPU 0: Model Info: Intel(R) Core(TM)2 Quad CPU   Q9400 @ 2.66GHz
  CPU 1: Model Info: Intel(R) Core(TM)2 Quad CPU   Q9400 @ 2.66GHz
  CPU 2: Model Info: Intel(R) Core(TM)2 Quad CPU   Q9400 @ 2.66GHz
  CPU 3: Model Info: Intel(R) Core(TM)2 Quad CPU   Q9400 @ 2.66GHz
  Hard Disk Count(*): 2
  Disk 0: Device Name: /dev/sda
  Disk 0: Capacity: 250.00 GB
  Disk 0: Geometry: 255 heads 63 sectors/track 30401 cylinders
  Disk 1: Device Name: /dev/sdb
  Disk 1: Capacity: 250.00 GB
  Disk 1: Geometry: 255 heads 63 sectors/track 30401 cylinders
  NIC Count: 4

  Yes it should work with either SHA-1 or SHA-256. Reference.

• ISE 3315 stuck in INIT Entering runlevel: 3

  Hello
  my ISE 3315 is stuck in
  ISE 3315 stuck in INIT Entering runlevel: 3
  when i connect a screen and keyboard i can only see this last message :
  ISE 3315 stuck in INIT Entering runlevel: 3
  There is nothing after, i cannot login (no prompt) even after waiting 20 minutes with this message
  I have no char return via serial cable depsite i was able to run initial setup from console (same cable, the DB9-DB9 provided, same serial config, same laptop)
  really strange
  Version ADE :  ADE-OS-2.0 (2.6.18-238.1.1.el5PAE)
  Version ISE : 1.1.0.665
  Any idea ?
  Thanks
  Guillaume

  Hello,
  for me i can say it is too slow if you don't have a DNS and a NTP server accessible from the ISE.
  It is requested to have both servers during initial setup, and with that, it is running faster (let's say 30 minutes to do all initial setup ...)
  Hope it helps !

• Data manager jobs taking too long or hanging

  Hoping someone here can provide some assistance with regard to the 4.2 version. We are specifically using BPC/OutlookSoft 4.2SP4 (and in process of upgrading to BPC7.5). Three server environment - SQL, OLAP and Web.
  Problem: Data manager jobs in each application of production appset with five applications are either taking too long to complete for very small jobs (single entity/single period data copy/clear, under 1000 records) or completely hanging for larger jobs. This has been an issue for the last 7 days. During normal operation, small DM jobs ran in under a minute and large ones taking only a few minutes.
  Failed attempts at resolution thus far:
  1. Processed all applications from the OLAP server
  2. Confirmed issue is specific to our appset and is not present in ApShell
  3. Copied packages from ApShell to application to eliminate package corruption
  4. Windows security updates were applied to all three servers but I assume this would also impact ApShell.
  5. Cleared tblDTSLog history
  6. Rebooted all three servers
  7. Suspected antivirus however, problem persists with antivirus disabled on all three servers.
  Other Observations
  There are several tables in the SQL database named k2import# and several stored procedures named DMU_k2import#. My guess is these did not get removed because I killed the hung up jobs. I'm not sure if their existence is causing any issues.
  To make the long story short, how can I narrow down at which point the jobs are hanging up or what is taking the longest time? I have turned on Debug Script but I don't' have documentation to make sense of all this info. What exactly is happening when I run a Clear package?  At this point, my next step is to run SQL Profiler to get a look into what is going on behind the scenes on the sql server. I also want to rule out the COM+ objects on the web server but not sure where to start.
  Any help is greatly appreciated!!
  Thank you,
  Hitesh

  Hi ,
  The problem seems to be related to database. Do you have any maintenance plan for database?
  It is specific for your appset because each appset has own database.
  I suspect you have to run an sp_updatestats (Update Statistics) for your database and I think the issue with your jobs hang will be solved.
  DMU_K2_importXXX  table are coming from hang imports ...you can delete these tables because it is just growing the size of database and for sure are not used anymore.
  Regards
  Sorin Radulescu

• Cisco ISE-3315-K9 version 1.1.1.268 upgrade to 1.2.0.899

  Hi Dears,
  I have two ISE devices. One of them sofware is 1.1.1.268 and one of them is 1.2.0.899. Now i want upgrade ISE 3315 software   1.1.1268 to 1.2.0.899.
  How can I do that?? Please help me.

  First, Create a repository in the ISE WebGUI by going to Administration > System > Maintenance and clicking Repository on the Left Menu:
  Click the +Add button and then fill out the configuration for the repository:
  Note that my repository name is Upgrade.
  Download the ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz file and place it in the location you configured in your repository.
  Perform a backup of your ISE.
  Install the latest patches for v1.1.1
  Log in to the CLI and issue the following command:
  application upgrade ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz Upgrade
  Wait.
  Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.Charles Moreton

• ISE 3315 License needed for integration with PxGrid SealthWatch

  Hello Experts,
  i have ISE 3315 with Version 1.3
  i want to integrate it with pxgrid and ordering Sealthwatch. Can anyone tell me do i need To have ISE Advance-License for this integration ? Or with ISE  Base-License it can work?
  Thanks

  ISE License Packages
  Perpetual/Subscription (Terms Available)
  ISE Functionality Covered
  Notes
  Base
  Perpetual
  Basic network access: AAA, IEEE-802.1X
  Guest management
  Link encryption (MACSec)
  TrustSec
  ISE Application Programming Interfaces
  Plus
  Subscription (1, 3, or 5 years)
  Bring Your Own Device (BYOD) with built-in Certificate Authority Services
  Profiling and Feed Services
  Endpoint Protection Service (EPS)
  Cisco pxGrid
  Does not include Base services; a Base license is required to install the Plus license.
  Apex
  Subscription (1, 3, or 5 years)
  Third Party Mobile Device Management (MDM)
  Posture Compliance
  Does not include Base or Plus services; a Base license is required to install the Apex license.
  Note   
  When you use Cisco AnyConnect as unified posture agent across wired, wireless, and VPN deployments, you need Cisco AnyConnect Apex user licenses in addition to Cisco ISE Apex licenses.
  Mobility
  Subscription (1, 3, or 5 years)
  Combination of Base, Plus, and Apex for wireless and VPN endpoints
  Cannot coexist on a Cisco Administration node with Base, Plus, and/or Apex Licenses.
  Mobility Upgrade
  Subscription (1, 3, or 5 years)
  Provides wired support to Mobility license
  You can only install a Mobility Upgrade License on top of an existing Mobility license.
  Evaluation
  Temporary (90 days)
  Full Cisco ISE functionality is provided for 100 endpoints.
  All Cisco ISE appliances are supplied with an Evaluation license.

• In ISE (ise-3315) low reliability

  Hello.
  What will happen if ise- 3315 broke one HDD? In ISE low reliability - RAID no. How can a server for security do without RAID?
  How can we improve reliability?

  The best solution is going for the higher appliance or VMware solution for reference kindly see the following details
  Cisco Identity Services Engine Hardware Specifications
  Cisco Identity Services Engine Appliance 3315 (Small)
  Cisco Identity Services Engine Appliance 3355 (Medium)
  Cisco Identity Services Engine Appliance 3395 (Large)
  Processor
  1 x QuadCore Intel Core 2 CPU Q9400 @ 2.66 GHz
  1 x QuadCore Intel Xeon CPU E5504 @ 2.00 GHz
  2 x QuadCore Intel Xeon CPU E5504 @ 2.00 GHz
  Memory
  4 GB
  4 GB
  4 GB
  Hard disk
  2 x 250-GB SATA HDD
  2 x 300-GB SAS drives
  4 x 300-GB SFF SAS drives
  RAID
  No
  Yes (RAID 0)
  Yes (RAID 0+1)
  Removable media
  CD/DVD-ROM drive
  CD/DVD-ROM drive
  CD/DVD-ROM drive
  Network Connectivity
  Ethernet NICs
  4 x Integrated Gigabit NICs
  4 x Integrated Gigabit NICs
  4 x Integrated Gigabit NICs
  10BASE-T cable support
  Cat 3, 4, or 5 unshielded twisted pair (UTP) up to 328 ft (100 m)
  Cat 3, 4, or 5 UTP up to 328 ft (100 m)
  Cat 3, 4, or 5 UTP up to 328 ft (100 m)
  10/100/1000BASE-TX cable support
  Cat 5 UTP up to 328 ft (100 m)
  Cat 5 UTP up to 328 ft (100 m)
  Cat 5 UTP up to 328 ft (100 m)
  Secure Sockets Layer (SSL) accelerator card
  None
  Cavium CN1620-400-NHB-G
  Cavium CN1620-400-NHB-G
  Interfaces
  Serial ports
  1
  1
  1
  USB 2.0 ports
  4 (two front, two rear)
  4 (one front, one internal, two rear)
  4 (one front, one internal, two rear)
  Video ports
  1
  1
  1
  External SCSI ports
  None
  None
  None
  System Unit
  Form factor
  Rack-mount 1 RU
  Rack-mount 1 RU
  Rack-mount 1 RU
  Weight
  28 lb (12.7 kg) fully configured
  35 lb (15.87 kg) fully configured
  35 lb (15.87 kg) fully configured
  Dimensions (H x W x L)
  1.69 x 17.32 x 22 in.
  (43 x 440 x 55.9 mm)
  1.69 x 17.32 x 27.99 in.
  (43 x 42.62 x 711 mm)
  1.69 x 17.32 x 27.99 in.
  (43 x 42.62 x 711 mm)
  Power supply
  350W
  Dual 675W (redundant)
  Dual 675W (redundant)
  Cooling fans
  6; non-hot plug, nonredundant
  9; redundant
  9; redundant
  BTU rating
  1024 BTU/hr (at 300W)
  2661 BTU/hr (at 120V)
  2661 BTU/hr (at 120V)
  Compliance
  FIPS
  Uses FIPS 140-2 Level 1 validated cryptographic modules
  Uses FIPS 140-2 Level 1 validated cryptographic modules
  Uses FIPS 140-2 Level 1 validated cryptographic modules
  Cisco Secure Network Server 3415 (Small) - New
  Cisco Secure Network Server 3495 (Large) - New
  Processor
  1 x Intel Xenon Quad-Core 2.4 GHz E5-2609
  2 x Intel Xenon Quad-Core 2.4 GHz E5-2609
  Memory
  16 GB
  32 GB
  Hard disk
  1 x 600GB 6Gb SAS 10K RPM
  2 x 600GB 6Gb SAS 10K RPM
  RAID
  No
  Yes (RAID 0+1)
  CD/DVD-ROM drive
  No
  No
  Network Connectivity
  Ethernet NICs
  4 x Integrated Gigabit NICs
  4 x Integrated Gigabit NICs
  10/100/1000BASE-TX cable support
  Cat 5 UTP up to 328 ft (100 m)
  Cat 5 UTP up to 328 ft (100 m)
  Secure Sockets Layer (SSL) accelerator card
  None
  Cavium CN1620-400-NHB-G
  Interfaces
  Front Panel Connector
  1 x KVM console connector (supplies 2 USB, 1 VGA, and 1 serial connector)
  1 x KVM console connector (supplies 2 USB, 1 VGA, and 1 serial connector)
  Additional Rear Connectors
  Additional  interfaces including a VGA video port, 2 USB 2.0 ports, an RJ45 serial  port, 1 Gigabit Ethernet management port, and dual 1 Gigabit Ethernet  ports
  Additional  interfaces including a VGA video port, 2 USB 2.0 ports, an RJ45 serial  port, 1 Gigabit Ethernet management port, and dual 1 Gigabit Ethernet  ports
  System Unit
  Form factor
  Rack-mount 1 RU
  Rack-mount 1 RU
  Weight
  35.6 lbs (16.2 kg)
  26.8 lbs (12.1 kg)
  35 lb (15.87 kg) fully configured
  Dimensions (H x W x L)
  1.7 x 16.9 x 28.5 in.
  (4.32 x 43 x 72.4 cm)
  1.7 x 16.9 x 28.5 in.
  (4.32 x 43 x 72.4 cm)
  Power supply
  650W
  Dual 650W (redundant)
  Cooling fans
  5
  5
  Temperature: Operating
  32 to 104°F (0 to 40°C) (operating, sea level, no fan fail, no CPU throttling, turbo mode)
  32 to 104°F (0 to 40°C) (operating, sea level, no fan fail, no CPU throttling, turbo mode)
  Temperature: Nonoperating
  -40 to 158°F (-40 to 70°C)
  -40 to 158°F (-40 to 70°C)
  Compliance
  FIPS
  Uses FIPS 140-2 Level 1 validated cryptographic modules
  Uses FIPS 140-2 Level 1 validated cryptographic modules

• ISE-3415 vs ISE-3315

  Hello,
  two years ago I wanted to buy ISE-3315 and when we prepared order we were told we have to order following components:
  - ISE-3315-K9
  - L-ISE-ADV3Y-100=
  Today ISE-3315 is EOS and the solution for small business is ISE-3415. The problem is we have to order following components:
  - SNS-3415-K9
  - SW-3415-ISE-K9 Cisco ISE Software version 1.2 for the SNS-3415-K9
  - L-ISE-ADV-S-100=
  The main problem is the new solution costs almost 50% more. Can someone confirm that it is correct? Or maybe I had wrong information two years ago with ISE-3315.
  BTW - I need the appliance for lab and study. Do we need to buy a full license in this case?
  Thank you
  Hubert

  Yes you can buy the appliance and then install the trial version.  just keep in mind that once the trial time has run out you must buy the license to continue to use the features that were available with the trial version.
  If using VMware, you can rollback to a snapshot prior to the installation of the ISE and reinstall the trial license and continue to use it for your studies.
  Of course, if you have a budget that will allow you to buy the appliance and a full license that is provided by the trial license, then go for it.  But if you want to save some money then the VMware is the way to go.
  Please remember to select a correct answer and rate helpful posts

• Does Cisco ISE-3315-K9 with ise version: Service Engine: 1.0.4.573 support command accouting like ACS

  Hi
  Can Anybody can update whether   ISE-3315-K9 with ise version: Service Engine: 1.0.4.573 , supports the command level accounting
  Bascially , we have integrated Cisco Switches with Cisco ISE for Device Authentication using Radius , we are able get the authentication logs on to the devices , but for any command changes or update done on Cisco devices we are not able to get the command accounting ..
  has succeed in  command level accounting on  Cisco ISE ..
  Please update
  Cisco ISE doesn't have TACACS feature ...

  Command Accounting is a TACACS+ feature so not for ISE....yet.
  However, you can do the following to send commands to syslog and not including passwords (hidekeys). I just picked 200 commands/lines to store in the local command buffer/log. increase or decrease as you have memory.  The notify syslog is what sends it via syslog.
  conf t
  archive
  log config
  logging enable
  logging size 200
  hidekeys
  notify syslog
  end
  wr mem
  Remember, syslog is clear text  :-)  log away from user traffic when possible.  Or use TLS based syslog when possible.
  I hope you find this answer useful, if it was satisfactory  for you, please mark the question as Answered.
  Please rate post you consider useful.
  -James

• IDoc Error IDocs showing the status 53 "Application Document Posted".

  Hi All
  IDocs showing the status 53 "Application Document Posted". But values are not updated in SAP.
  Plaese sugggest on this,
  Thanks
  Ajit K Barik

  Ajit, there might have been a dump--check in ST22 or a update termination error, check in SM13.
  Either of these you'll have to take help of your ABAP consultant to analyse.
  Regards,
  Raghu.

• Does Anybody know how to keep the license files and Certificates in ISE-3315 During the upgrade.

  Hi,
  I have two ISE-3315 Appliances in production network.
  I need someone's help to explain, how to make the Secondary node as the primary admin note to reset-config.
  And then I would like to know how to keep the license files and Certificate during the Upgrade.
  Please help me to answer my questions.
  Thanks
  CSCO11872447

  The Cisco Identity Services Engine (ISE) provides distributed  deployment of runtime services with centralized configuration and  management. Multiple nodes can be deployed together in a distributed  fashion to support failover.
  If you register a  secondary Monitoring ISE node, it is recommended that you first back up  the primary Monitoring ISE node and then restore the data to the new  secondary Monitoring ISE node. This ensures that the history of the  primary Monitoring ISE node is in sync with the new secondary node as  new changes are replicated.
  Please  Check the below configuration guide for Secondary ISE- Nodes.
  http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.pdf

• ISE-3315, license

  Hi all,
  I hope someone can help me out with the following question;
  We want to buy a ISE-3315-K9 for 500 end-devices.
  In the price-list I found the ISE-3315-K9 but cannot find the base license: L-ISE-BSE-500=. (I think I need this license)
  Will the shipment of the ISE-3315-K9 includes a 3000 end-points base license (maximum support of the ISE-3315) or do I need to order the base 500 license seperately?
  Thanks in advance,
  Erik Verkerk.

  Cisco ISE comes with a built-in evaluation  license, which is valid for 90 days. The evaluation license includes  both base and advanced packages and limits the number of endpoints to  100 for both the base and advanced packages
  ISE 3315 is End-of-Sale
  http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11640/eol_C51-728424.html
  For 500 endpoint support (basic funtionality ) you  need to buy  L-ISE-BSE-500=
  https://apps.cisco.com/WOC/WOConfigUI/pages/configset/configset.jsp

• SealthWatch intrgration with Cisco ISE-3315

  Hello Experts,
  i have Cisco ISE-3315 version 1.3 
  Can i order and SealthWatch Lancop and use it with this series of ISE 3315 ? Or i must have SNS ?

  Hi Imran-
  The 3315 appliance supports all personas running ISE 1.3
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/release_notes/ise13_rn.html#pgfId-527567
  Now, with that being said, keep in mind that this appliances has a lot less resources compared to the SNS appliances. Thus, if you are planning on running all personas on it then you will be greatly limited to the number of concurrent endpoints. 
  Thank you for rating helpful posts!

• ISE certificate export problem (stops ISE App Server process?)

  I am trying to export certs for backup on a distributed ISE deployment.On every box of every type of node when I attempt a backup with or without the private key, nothing happens, but the GUI stops.  After checking the "sh app status ise" on the CLI I notice that it now says "ISE Application Server process is not running."  After a few minutes the process starts again by itself and the GUI starts working by I dont recive any cert export.
  Anybody got any ideas?
  thanks
  Nick

  Hi Jatin,
  I did an upgrade of a distributed deployment today. After a deregister of the first admin/monitoring node I was able to export the certificate including the keys for this machine. Hower this didn't work for the PSN nodes in standalone mode. Also after the upgrade to version 1.1.4 - patch 1, trying to export the identity certificate with the keys included causes a stop/start of the ISE application. It doesn't matter if the units are in standalone mode or added to the deployment. The only difference is that the PSN nodes run as a VM wereas the pap/mnt nodes are 3395 appliances.
  Sent from Cisco Technical Support iPhone App

• In Message Monitoring Message showing holding status

  Hi
  Can anyone solve this problem.Its urgent for me.
  My scenario is IDoc->XI->FILE
  The file i am trying to generate is an xml file which i am dropping in XI application server using File system.
  The problem is when i am going to see the message using transaction SXMB_MONI the perticular message interface is showing waiting for acknowladgement status .
  But in message monitoring in runtime workbench the it is showing following status:
  Adapter Engine
  <b>Holding</b>
  18.11.2005 05:42:09    
  CORP_SAP_DR2_030 http://limited.com/usa/sap_appl/retail/VendorsSAPAPOToMANU
  MIIA_Create  
  BS_MANU
  I am in SP14.
  Also the output xml file is not getting created in the XI application server.
  Please let me know the solution.
  Thanks
  Debraj Roy

  Hi Debraj
  HOLDING is a status which occurs normally for EOIO (Exactly Once In Order), so your message is set to Holding means some earlier message has not gone through. So until those messages are through this message will be in HOLDING state.
  Have a look at this link which explains how to handle such scenarios.
  http://help.sap.com/saphelp_nw04/helpdata/en/49/e3fb40ef74f823e10000000a155106/content.htm
  cheers
  Sameer
  Assign points if it helped you