ISE 3315 show application status ise taking so long
Hi,
I have a brand new ISE 3315 appliance running 1.1.1.268 , whenver I try to issue the command "show application status ise" , it takes so long time before it shows the output ..the same when I try to start or stop the application ..
I would like to know if the NTP reachability can cause this kind of behavior .. I'm still testing the appliance in the lab , and I have no NTP server , but I have created local DNS server on a router.
any ideas !
Hi
The Execute Network Device Command diagnostic tool allows you to run the show command on any network device. The results are exactly what you would see on a console, and can be used to identify problems in the configuration of the device. You can use it when you suspect that the configuration is wrong, you want to validate it.
Please make sure that you have performed these steps:
Step 1 Choose Operations > Troubleshoot > Diagnostic Tools > General Tools > Execute Network Device Command.
Step 2 Enter the information in the appropriate fields.
Step 3 Click Run to execute the command on the specified network device.
Step 4 Click User Input Required, and modify the fields as necessary.
Step 5 Click Submit to run the command on the network device, and view the output.
Similar Messages
-
Is it possible to possible to use SHA2-256 certificates with an installed ISE 3315 ?
I have no experience with those systems.
Version information of installed applications
Cisco Identity Services Engine
Version : 1.1.2.145
Build Date : Fri Oct 26 21:10:35 2012
NAME: "ISE-3315-K9 chassis", DESCR: "ISE-3315-K9 chassis"
PID: ISE-3315-K9 , VID: V01 ,
Total RAM Memory: 4018932 kB
CPU Core Count: 4
CPU 0: Model Info: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz
CPU 1: Model Info: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz
CPU 2: Model Info: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz
CPU 3: Model Info: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz
Hard Disk Count(*): 2
Disk 0: Device Name: /dev/sda
Disk 0: Capacity: 250.00 GB
Disk 0: Geometry: 255 heads 63 sectors/track 30401 cylinders
Disk 1: Device Name: /dev/sdb
Disk 1: Capacity: 250.00 GB
Disk 1: Geometry: 255 heads 63 sectors/track 30401 cylinders
NIC Count: 4Yes it should work with either SHA-1 or SHA-256. Reference.
-
ISE 3315 stuck in INIT Entering runlevel: 3
Hello
my ISE 3315 is stuck in
ISE 3315 stuck in INIT Entering runlevel: 3
when i connect a screen and keyboard i can only see this last message :
ISE 3315 stuck in INIT Entering runlevel: 3
There is nothing after, i cannot login (no prompt) even after waiting 20 minutes with this message
I have no char return via serial cable depsite i was able to run initial setup from console (same cable, the DB9-DB9 provided, same serial config, same laptop)
really strange
Version ADE : ADE-OS-2.0 (2.6.18-238.1.1.el5PAE)
Version ISE : 1.1.0.665
Any idea ?
Thanks
GuillaumeHello,
for me i can say it is too slow if you don't have a DNS and a NTP server accessible from the ISE.
It is requested to have both servers during initial setup, and with that, it is running faster (let's say 30 minutes to do all initial setup ...)
Hope it helps ! -
Data manager jobs taking too long or hanging
Hoping someone here can provide some assistance with regard to the 4.2 version. We are specifically using BPC/OutlookSoft 4.2SP4 (and in process of upgrading to BPC7.5). Three server environment - SQL, OLAP and Web.
Problem: Data manager jobs in each application of production appset with five applications are either taking too long to complete for very small jobs (single entity/single period data copy/clear, under 1000 records) or completely hanging for larger jobs. This has been an issue for the last 7 days. During normal operation, small DM jobs ran in under a minute and large ones taking only a few minutes.
Failed attempts at resolution thus far:
1. Processed all applications from the OLAP server
2. Confirmed issue is specific to our appset and is not present in ApShell
3. Copied packages from ApShell to application to eliminate package corruption
4. Windows security updates were applied to all three servers but I assume this would also impact ApShell.
5. Cleared tblDTSLog history
6. Rebooted all three servers
7. Suspected antivirus however, problem persists with antivirus disabled on all three servers.
Other Observations
There are several tables in the SQL database named k2import# and several stored procedures named DMU_k2import#. My guess is these did not get removed because I killed the hung up jobs. I'm not sure if their existence is causing any issues.
To make the long story short, how can I narrow down at which point the jobs are hanging up or what is taking the longest time? I have turned on Debug Script but I don't' have documentation to make sense of all this info. What exactly is happening when I run a Clear package? At this point, my next step is to run SQL Profiler to get a look into what is going on behind the scenes on the sql server. I also want to rule out the COM+ objects on the web server but not sure where to start.
Any help is greatly appreciated!!
Thank you,
HiteshHi ,
The problem seems to be related to database. Do you have any maintenance plan for database?
It is specific for your appset because each appset has own database.
I suspect you have to run an sp_updatestats (Update Statistics) for your database and I think the issue with your jobs hang will be solved.
DMU_K2_importXXX table are coming from hang imports ...you can delete these tables because it is just growing the size of database and for sure are not used anymore.
Regards
Sorin Radulescu -
Cisco ISE-3315-K9 version 1.1.1.268 upgrade to 1.2.0.899
Hi Dears,
I have two ISE devices. One of them sofware is 1.1.1.268 and one of them is 1.2.0.899. Now i want upgrade ISE 3315 software 1.1.1268 to 1.2.0.899.
How can I do that?? Please help me.First, Create a repository in the ISE WebGUI by going to Administration > System > Maintenance and clicking Repository on the Left Menu:
Click the +Add button and then fill out the configuration for the repository:
Note that my repository name is Upgrade.
Download the ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz file and place it in the location you configured in your repository.
Perform a backup of your ISE.
Install the latest patches for v1.1.1
Log in to the CLI and issue the following command:
application upgrade ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz Upgrade
Wait.
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.Charles Moreton -
ISE 3315 License needed for integration with PxGrid SealthWatch
Hello Experts,
i have ISE 3315 with Version 1.3
i want to integrate it with pxgrid and ordering Sealthwatch. Can anyone tell me do i need To have ISE Advance-License for this integration ? Or with ISE Base-License it can work?
ThanksISE License Packages
Perpetual/Subscription (Terms Available)
ISE Functionality Covered
Notes
Base
Perpetual
Basic network access: AAA, IEEE-802.1X
Guest management
Link encryption (MACSec)
TrustSec
ISE Application Programming Interfaces
Plus
Subscription (1, 3, or 5 years)
Bring Your Own Device (BYOD) with built-in Certificate Authority Services
Profiling and Feed Services
Endpoint Protection Service (EPS)
Cisco pxGrid
Does not include Base services; a Base license is required to install the Plus license.
Apex
Subscription (1, 3, or 5 years)
Third Party Mobile Device Management (MDM)
Posture Compliance
Does not include Base or Plus services; a Base license is required to install the Apex license.
Note
When you use Cisco AnyConnect as unified posture agent across wired, wireless, and VPN deployments, you need Cisco AnyConnect Apex user licenses in addition to Cisco ISE Apex licenses.
Mobility
Subscription (1, 3, or 5 years)
Combination of Base, Plus, and Apex for wireless and VPN endpoints
Cannot coexist on a Cisco Administration node with Base, Plus, and/or Apex Licenses.
Mobility Upgrade
Subscription (1, 3, or 5 years)
Provides wired support to Mobility license
You can only install a Mobility Upgrade License on top of an existing Mobility license.
Evaluation
Temporary (90 days)
Full Cisco ISE functionality is provided for 100 endpoints.
All Cisco ISE appliances are supplied with an Evaluation license. -
In ISE (ise-3315) low reliability
Hello.
What will happen if ise- 3315 broke one HDD? In ISE low reliability - RAID no. How can a server for security do without RAID?
How can we improve reliability?The best solution is going for the higher appliance or VMware solution for reference kindly see the following details
Cisco Identity Services Engine Hardware Specifications
Cisco Identity Services Engine Appliance 3315 (Small)
Cisco Identity Services Engine Appliance 3355 (Medium)
Cisco Identity Services Engine Appliance 3395 (Large)
Processor
1 x QuadCore Intel Core 2 CPU Q9400 @ 2.66 GHz
1 x QuadCore Intel Xeon CPU E5504 @ 2.00 GHz
2 x QuadCore Intel Xeon CPU E5504 @ 2.00 GHz
Memory
4 GB
4 GB
4 GB
Hard disk
2 x 250-GB SATA HDD
2 x 300-GB SAS drives
4 x 300-GB SFF SAS drives
RAID
No
Yes (RAID 0)
Yes (RAID 0+1)
Removable media
CD/DVD-ROM drive
CD/DVD-ROM drive
CD/DVD-ROM drive
Network Connectivity
Ethernet NICs
4 x Integrated Gigabit NICs
4 x Integrated Gigabit NICs
4 x Integrated Gigabit NICs
10BASE-T cable support
Cat 3, 4, or 5 unshielded twisted pair (UTP) up to 328 ft (100 m)
Cat 3, 4, or 5 UTP up to 328 ft (100 m)
Cat 3, 4, or 5 UTP up to 328 ft (100 m)
10/100/1000BASE-TX cable support
Cat 5 UTP up to 328 ft (100 m)
Cat 5 UTP up to 328 ft (100 m)
Cat 5 UTP up to 328 ft (100 m)
Secure Sockets Layer (SSL) accelerator card
None
Cavium CN1620-400-NHB-G
Cavium CN1620-400-NHB-G
Interfaces
Serial ports
1
1
1
USB 2.0 ports
4 (two front, two rear)
4 (one front, one internal, two rear)
4 (one front, one internal, two rear)
Video ports
1
1
1
External SCSI ports
None
None
None
System Unit
Form factor
Rack-mount 1 RU
Rack-mount 1 RU
Rack-mount 1 RU
Weight
28 lb (12.7 kg) fully configured
35 lb (15.87 kg) fully configured
35 lb (15.87 kg) fully configured
Dimensions (H x W x L)
1.69 x 17.32 x 22 in.
(43 x 440 x 55.9 mm)
1.69 x 17.32 x 27.99 in.
(43 x 42.62 x 711 mm)
1.69 x 17.32 x 27.99 in.
(43 x 42.62 x 711 mm)
Power supply
350W
Dual 675W (redundant)
Dual 675W (redundant)
Cooling fans
6; non-hot plug, nonredundant
9; redundant
9; redundant
BTU rating
1024 BTU/hr (at 300W)
2661 BTU/hr (at 120V)
2661 BTU/hr (at 120V)
Compliance
FIPS
Uses FIPS 140-2 Level 1 validated cryptographic modules
Uses FIPS 140-2 Level 1 validated cryptographic modules
Uses FIPS 140-2 Level 1 validated cryptographic modules
Cisco Secure Network Server 3415 (Small) - New
Cisco Secure Network Server 3495 (Large) - New
Processor
1 x Intel Xenon Quad-Core 2.4 GHz E5-2609
2 x Intel Xenon Quad-Core 2.4 GHz E5-2609
Memory
16 GB
32 GB
Hard disk
1 x 600GB 6Gb SAS 10K RPM
2 x 600GB 6Gb SAS 10K RPM
RAID
No
Yes (RAID 0+1)
CD/DVD-ROM drive
No
No
Network Connectivity
Ethernet NICs
4 x Integrated Gigabit NICs
4 x Integrated Gigabit NICs
10/100/1000BASE-TX cable support
Cat 5 UTP up to 328 ft (100 m)
Cat 5 UTP up to 328 ft (100 m)
Secure Sockets Layer (SSL) accelerator card
None
Cavium CN1620-400-NHB-G
Interfaces
Front Panel Connector
1 x KVM console connector (supplies 2 USB, 1 VGA, and 1 serial connector)
1 x KVM console connector (supplies 2 USB, 1 VGA, and 1 serial connector)
Additional Rear Connectors
Additional interfaces including a VGA video port, 2 USB 2.0 ports, an RJ45 serial port, 1 Gigabit Ethernet management port, and dual 1 Gigabit Ethernet ports
Additional interfaces including a VGA video port, 2 USB 2.0 ports, an RJ45 serial port, 1 Gigabit Ethernet management port, and dual 1 Gigabit Ethernet ports
System Unit
Form factor
Rack-mount 1 RU
Rack-mount 1 RU
Weight
35.6 lbs (16.2 kg)
26.8 lbs (12.1 kg)
35 lb (15.87 kg) fully configured
Dimensions (H x W x L)
1.7 x 16.9 x 28.5 in.
(4.32 x 43 x 72.4 cm)
1.7 x 16.9 x 28.5 in.
(4.32 x 43 x 72.4 cm)
Power supply
650W
Dual 650W (redundant)
Cooling fans
5
5
Temperature: Operating
32 to 104°F (0 to 40°C) (operating, sea level, no fan fail, no CPU throttling, turbo mode)
32 to 104°F (0 to 40°C) (operating, sea level, no fan fail, no CPU throttling, turbo mode)
Temperature: Nonoperating
-40 to 158°F (-40 to 70°C)
-40 to 158°F (-40 to 70°C)
Compliance
FIPS
Uses FIPS 140-2 Level 1 validated cryptographic modules
Uses FIPS 140-2 Level 1 validated cryptographic modules -
Hello,
two years ago I wanted to buy ISE-3315 and when we prepared order we were told we have to order following components:
- ISE-3315-K9
- L-ISE-ADV3Y-100=
Today ISE-3315 is EOS and the solution for small business is ISE-3415. The problem is we have to order following components:
- SNS-3415-K9
- SW-3415-ISE-K9 Cisco ISE Software version 1.2 for the SNS-3415-K9
- L-ISE-ADV-S-100=
The main problem is the new solution costs almost 50% more. Can someone confirm that it is correct? Or maybe I had wrong information two years ago with ISE-3315.
BTW - I need the appliance for lab and study. Do we need to buy a full license in this case?
Thank you
HubertYes you can buy the appliance and then install the trial version. just keep in mind that once the trial time has run out you must buy the license to continue to use the features that were available with the trial version.
If using VMware, you can rollback to a snapshot prior to the installation of the ISE and reinstall the trial license and continue to use it for your studies.
Of course, if you have a budget that will allow you to buy the appliance and a full license that is provided by the trial license, then go for it. But if you want to save some money then the VMware is the way to go.
Please remember to select a correct answer and rate helpful posts -
Hi
Can Anybody can update whether ISE-3315-K9 with ise version: Service Engine: 1.0.4.573 , supports the command level accounting
Bascially , we have integrated Cisco Switches with Cisco ISE for Device Authentication using Radius , we are able get the authentication logs on to the devices , but for any command changes or update done on Cisco devices we are not able to get the command accounting ..
has succeed in command level accounting on Cisco ISE ..
Please update
Cisco ISE doesn't have TACACS feature ...Command Accounting is a TACACS+ feature so not for ISE....yet.
However, you can do the following to send commands to syslog and not including passwords (hidekeys). I just picked 200 commands/lines to store in the local command buffer/log. increase or decrease as you have memory. The notify syslog is what sends it via syslog.
conf t
archive
log config
logging enable
logging size 200
hidekeys
notify syslog
end
wr mem
Remember, syslog is clear text :-) log away from user traffic when possible. Or use TLS based syslog when possible.
I hope you find this answer useful, if it was satisfactory for you, please mark the question as Answered.
Please rate post you consider useful.
-James -
IDoc Error IDocs showing the status 53 "Application Document Posted".
Hi All
IDocs showing the status 53 "Application Document Posted". But values are not updated in SAP.
Plaese sugggest on this,
Thanks
Ajit K BarikAjit, there might have been a dump--check in ST22 or a update termination error, check in SM13.
Either of these you'll have to take help of your ABAP consultant to analyse.
Regards,
Raghu. -
Hi,
I have two ISE-3315 Appliances in production network.
I need someone's help to explain, how to make the Secondary node as the primary admin note to reset-config.
And then I would like to know how to keep the license files and Certificate during the Upgrade.
Please help me to answer my questions.
Thanks
CSCO11872447The Cisco Identity Services Engine (ISE) provides distributed deployment of runtime services with centralized configuration and management. Multiple nodes can be deployed together in a distributed fashion to support failover.
If you register a secondary Monitoring ISE node, it is recommended that you first back up the primary Monitoring ISE node and then restore the data to the new secondary Monitoring ISE node. This ensures that the history of the primary Monitoring ISE node is in sync with the new secondary node as new changes are replicated.
Please Check the below configuration guide for Secondary ISE- Nodes.
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.pdf -
Hi all,
I hope someone can help me out with the following question;
We want to buy a ISE-3315-K9 for 500 end-devices.
In the price-list I found the ISE-3315-K9 but cannot find the base license: L-ISE-BSE-500=. (I think I need this license)
Will the shipment of the ISE-3315-K9 includes a 3000 end-points base license (maximum support of the ISE-3315) or do I need to order the base 500 license seperately?
Thanks in advance,
Erik Verkerk.Cisco ISE comes with a built-in evaluation license, which is valid for 90 days. The evaluation license includes both base and advanced packages and limits the number of endpoints to 100 for both the base and advanced packages
ISE 3315 is End-of-Sale
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11640/eol_C51-728424.html
For 500 endpoint support (basic funtionality ) you need to buy L-ISE-BSE-500=
https://apps.cisco.com/WOC/WOConfigUI/pages/configset/configset.jsp -
SealthWatch intrgration with Cisco ISE-3315
Hello Experts,
i have Cisco ISE-3315 version 1.3
Can i order and SealthWatch Lancop and use it with this series of ISE 3315 ? Or i must have SNS ?Hi Imran-
The 3315 appliance supports all personas running ISE 1.3
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/release_notes/ise13_rn.html#pgfId-527567
Now, with that being said, keep in mind that this appliances has a lot less resources compared to the SNS appliances. Thus, if you are planning on running all personas on it then you will be greatly limited to the number of concurrent endpoints.
Thank you for rating helpful posts! -
ISE certificate export problem (stops ISE App Server process?)
I am trying to export certs for backup on a distributed ISE deployment.On every box of every type of node when I attempt a backup with or without the private key, nothing happens, but the GUI stops. After checking the "sh app status ise" on the CLI I notice that it now says "ISE Application Server process is not running." After a few minutes the process starts again by itself and the GUI starts working by I dont recive any cert export.
Anybody got any ideas?
thanks
NickHi Jatin,
I did an upgrade of a distributed deployment today. After a deregister of the first admin/monitoring node I was able to export the certificate including the keys for this machine. Hower this didn't work for the PSN nodes in standalone mode. Also after the upgrade to version 1.1.4 - patch 1, trying to export the identity certificate with the keys included causes a stop/start of the ISE application. It doesn't matter if the units are in standalone mode or added to the deployment. The only difference is that the PSN nodes run as a VM wereas the pap/mnt nodes are 3395 appliances.
Sent from Cisco Technical Support iPhone App -
In Message Monitoring Message showing holding status
Hi
Can anyone solve this problem.Its urgent for me.
My scenario is IDoc->XI->FILE
The file i am trying to generate is an xml file which i am dropping in XI application server using File system.
The problem is when i am going to see the message using transaction SXMB_MONI the perticular message interface is showing waiting for acknowladgement status .
But in message monitoring in runtime workbench the it is showing following status:
Adapter Engine
<b>Holding</b>
18.11.2005 05:42:09
CORP_SAP_DR2_030 http://limited.com/usa/sap_appl/retail/VendorsSAPAPOToMANU
MIIA_Create
BS_MANU
I am in SP14.
Also the output xml file is not getting created in the XI application server.
Please let me know the solution.
Thanks
Debraj RoyHi Debraj
HOLDING is a status which occurs normally for EOIO (Exactly Once In Order), so your message is set to Holding means some earlier message has not gone through. So until those messages are through this message will be in HOLDING state.
Have a look at this link which explains how to handle such scenarios.
http://help.sap.com/saphelp_nw04/helpdata/en/49/e3fb40ef74f823e10000000a155106/content.htm
cheers
Sameer
Assign points if it helped you
Maybe you are looking for
-
just have a quick question, I am in a family plan with my parents and brother, and I was wondering can i upgrade to the new iphone 4s if it hasnt been 2 years yet? my mom is the primary holder of the account. i have the iphone 4 now and would like th
-
How to use 'REQUEST' value on PL/SQL
Hi All, I have assigned 'SEARCH' as button request to search button. I want to use this value in PL/SQL some thing like IF REQUEST='SEARCH' THEN --do something ELSE --do something else END IF; Can any one suggest how to access the 'REQUEST' value? Th
-
my phone went on switch off mode since yesterday and not able to put on again till now.
-
StringBuffer.toString() not giving complete string in servlet
Hi. I have a servlet that logs various things into a StringBuffer. At the end of the servlet doPost(), I do a sb.toString() and stick the string into a database. My problem is, the toString() seems to give me incomplete strings at times when there is
-
Not able to see rollback segment in oracle 10g
hi all I created rollback segment by using command CREATE ROLLBACK SEGMENT rs1 TABLESPACE rbs_ts and made it online but not able to see segment name by using select * from dba_rollback_segs Please help me Ragards Edited by: 174313 on Dec 1, 2008 3:19