ISE - Loss of All Nodes in a Distributed Deployment, Recovery Using New IP Addresses and Hostnames

Hi Experts,
I have a question regarding ISE disaster recovery with the same hostname and IP. For step 2, is it a must to generate a self-signed cert? Is it possible to use the original N1 CA-signed certificate instead?
Resolution Steps
1. Obtain the N1 backup and restore it on N1A. See "Restoring Data from a Backup" section for more information. The restore script will identify the hostname change and domain name change, and will update the hostname and domain name in the deployment configuration based on the current hostname.
2. You must generate a new self-signed certificate. See "Generating a Self-Signed Certificate" section for more information.
3. You must log in to the Cisco ISE user interface on N1A, choose Administration > System > Deployment, and do the following:
a. Delete the old N2 node. See "Removing a Node from Deployment" section for more information.
b. Register the new N2A node as a secondary node. See "Registering and Configuring a Secondary Node" section for more information. Data from the N1A node will be replicated to the N2A node.
http://www.cisco.com/c/en/us/td/docs/security/ise/1-1-1/user_guide/ise_user_guide/ise_backup.html

Hi,
The reason for asking to create a self-signed cert is that the subject name of the certificate should match the ISE node FQDN. If you import the N1 node CA-signed certificate, that certificate will have the hostname of the N1 node as its subject name and it will not work.
So you have to create a self-signed certificate or get a new CA-signed certificate with the subject name set to the N1A node FQDN.
Hope this clarifies the reason for the self-signed certificate.

Similar Messages

  • ISE NODE NOT REACHABLE when building distributed deployment

    I am trying to build a distributed deployment with the following personas:
    2 policy admin nodes
    2 monitoring nodes
    4 policy service nodes
    This was a project that was partially implemented but never in production. It was in a distributed deployment, but half the nodes were no longer working (http errors or devices weren't reachable or could not sync). I decided to start from scratch. All nodes were:
    -de-registered
    -application was reset to factory defaults on all nodes
    -upgraded all 8 nodes to 1.1.4.218 patch 1
    -installed all new certs and joined all nodes to the domain
    -added to DNS forward and reverse lookup zones
    When I make 1 admin node primary and register the other nodes (secondary admin, monitoring, policy services) the nodes successfully register and show up in the deployment window of the primary; however, all the nodes show as NODE NOT REACHABLE. After registration, I've noticed that the registered nodes are still showing as STANDALONE if I access the GUI. I've tried rebooting them manually after registration and they are still unreachable. I have also tried resetting the database user password from the CLI on both admin nodes and the results are always the same.

    Originally I had added them all at the same time. I thought that maybe I just wasn't waiting long enough for the sync. I waited an entire day and all the nodes were still unreachable. At this point, I've de-registered all the nodes, rebooted all the nodes, converted the primary back to standalone (the remaining nodes never converted from standalone to distributed even when I rebooted them after registering despite a message that they were successfully registered), converted one node back to primary and tried to register just the secondary admin node giving it plenty of time to sync; this node is still not reachable from the primary.
    I've quadruple checked the certificates on all the nodes, these certs were all added on the same day (just last week) and the default self-signed certs were removed.
    I had restored from a backup on the primary, so I might just reset the config on that node and try joining the other nodes before I restore again.

  • Need suggestion for ISE distributed deployment model in two different data centers along with public certificate for HTTPS

    Hi Experts,
    I am a bit confused about the ISE distributed deployment model.
    I have two data centers, one is the DC and the other one is the DR. I have a requirement for a guest access service implementation using CWA, and to get a public certificate for HTTPS to avoid certificate errors on client devices:
    How do I deploy the ISE personas for HA across these two data centers?
    After reading the Cisco doc, I understood that we can have two PANs (Primary in DC & Secondary in DR), and likewise for MnT (Monitoring will be the same as PAN). However, I can have 5 PSNs running in the secondary, i.e. in the DR ISE, and I have confusion about HA for the PSNs: since we have all PSNs in the secondary, it would not work for HA if it fails.
    Can anybody suggest me the best deployment solution for this scenario?
    Another doubt about the public certificate:
    Public Certificate: The ISE domain must be a registered domain name, or part of a registered domain name, on the Internet. For that I need the domain name being used by the customer.
    Please do correct me if I am wrong about my certificate understanding:
    since guests will be outside users, we cannot use a certificate from the internal CA; we need to get the certificate from a service provider and install the same on both ISE servers.
    Can anybody explain the procedure to obtain the public certificate for HTTPS from a service provider? And how do I install it on both ISE servers?

    Hi there. Let me try answering your questions:
    PSN HA: The PSNs are not configured as "primary" or "secondary" inside your ISE deployment. They are just PSN nodes as far as ISE is concerned. Instead, inside your NADs (in your case WLCs) you can specify which PSN is primary, which one is secondary, etc. You can accomplish this by:
    1. Defining all PSN nodes as AAA RADIUS servers inside the WLC
    2. Then, under the SSID > AAA Servers tab, listing the AAA servers in the order that you prefer. As a result, the WLC will always use the first server listed until that server fails/gets reloaded, etc.
    3. As a result, you can have one WLC or SSID prefer PSN server A (located in the primary DC) while a second WLC or SSID prefers PSN server B (located in the backup DC)
    Last but not least, you could also place PSNs behind a load balancer, and that way the traffic would be equally distributed between multiple PSNs. However, the PSN nodes must be Layer 2 adjacent, which is probably not the case if they are located in two different data centers.
    Certificates: Yes, you would want to get a public certificate to serve the guest portal. Getting a public/well-known certificate would ensure that most devices out there trust the CA that signed your ISE certificate. For instance, VeriSign, GoDaddy and Entrust are some of the ones out there that would work just fine. On the other hand, if you use a certificate that was signed by your internal CA, then things would be fine for your internal endpoints that trust your internal CA, but any outsiders (guests, contractors, etc.) that do not trust and do not know who your internal CA is would get a certificate error when being redirected to the ISE guest portal. This in general is only a "cosmetic" issue, and if the users click "continue" and add your CA as a trusted authority, the guest page would load and the session would work. However, most users out there would not feel safe to proceed and you will most likely get a lot of calls to your helpdesk :)
    I hope this helps!
    Thank you for rating helpful posts!

  • ISE does not register nodes - (blank pop-up window)

    Hello everyone!
    There is a Cisco ISE 1.1.4.218 deployment (all 8 patches) consisting of 6 nodes (2 admin, 2 monitoring, 2 policy) on virtual machines.
    When testing failover between the policy nodes, one of the policy nodes was removed from the deployment. The result of attempting to register this node is a blank warning pop-up window; the registration progress stops without the policy node being registered (screenshot in attachment). The same
    thing happens when I try to register a secondary monitoring node (that was removed earlier, as in the case of the policy node). I also attach a portion of the log file taken from the admin node (CLI) at the moment of the registration attempts for the policy/monitoring nodes.
    DNS is OK (defined on both sides), all certificates are valid.
    Maybe somebody has already come across a similar error?
    Sincerely,
    Andrey

    Please check the following Prerequisites
    •The fully qualified domain name (FQDN) of the standalone node that you are going to register, for example, ise1.cisco.com, must be DNS-resolvable from the primary Administration ISE node. Otherwise, node registration will fail. You must enter the IP addresses and FQDNs of the ISE nodes that are part of your distributed deployment in the DNS server.
    •The primary Administration ISE node and the standalone node that you are about to register as a secondary node should be running the same version of Cisco ISE.
    •Node registration fails if you provide the default credentials (username: admin, password: cisco) while registering a secondary node. Before you register a standalone node, you must log into its administrative user interface and change the default password (cisco).
    •You can alternatively create an administrator account on the node that is to be registered and use those credentials for registering that node. Every ISE administrator account is assigned one or more administrative roles. To register and configure a secondary node, you must have one of the following roles assigned: Super Admin, System Admin, or RBAC Admin. See Cisco ISE Admin Group Roles and Responsibilities for more information on the various administrative roles and the privileges associated with each of them.
    •If you plan to register a secondary Administration ISE node for high availability, we recommend that you register the secondary Administration ISE node with the primary first before you register other Cisco ISE nodes. If Cisco ISE nodes are registered in this sequence, you do not have to restart the secondary ISE nodes after you promote the secondary Administration ISE node as your primary.
    •If you plan to register multiple Policy Service ISE nodes running Session services and you require mutual failover among those nodes, you must place the Policy Service ISE nodes in a node group. You must create the node group first before you register the nodes because you need to select the node group to be used on the registration page. See "Creating, Editing, and Deleting Node Groups" section for more information.
    •Ensure that the Certificate Trust List (CTL) of the primary node is populated with the appropriate Certificate Authority (CA) certificates that can be used to validate the HTTPS certificate of the standalone node (that you are going to register as the secondary node). See the "Creating Certificate Trust Lists in the Primary Cisco ISE Node" section on page 12-24 for more information.
    •After registering your secondary node to the primary node, if you change the HTTPS certificate on the registered secondary node, you must obtain appropriate CA certificates that can be used to validate the secondary node's HTTPS certificate and import it to the CTL of the primary node. See "Creating Certificate Trust Lists in the Primary Cisco ISE Node" section on page 12-24 for more information.
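Two certificate conditions come up in this thread: the subject name of a node's HTTPS certificate has to match that node's own FQDN (the reason given in the opening thread for not reusing N1's CA-signed certificate on N1A), and the primary's CTL has to hold a CA certificate that validates the certificate of the node being registered (the last two prerequisites above). Both can be reproduced with plain openssl before touching a deployment. The script below is an added example, not code from the thread or from Cisco; the hostnames ise-n1.example.com and ise-n1a.example.com, the throw-away CA and the "empty CTL" file are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread or from Cisco): build a throw-away CA and
# two node certificates, then run the two checks the thread describes:
#   1. does the HTTPS certificate name the node's own FQDN (SAN/CN match)?
#   2. does the CA bundle that stands in for the primary's CTL validate it?
# All hostnames and the CA are constructed for this demo.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

OLD_FQDN="ise-n1.example.com"    # the lost primary N1 (constructed name)
NEW_FQDN="ise-n1a.example.com"   # the replacement primary N1A (constructed name)

# Minimal openssl request config so the demo does not depend on the system openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = ca_ext
[dn]
CN = Demo ISE Deployment CA
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF

# Throw-away deployment CA; plays the role of the internal CA whose certificate
# an administrator would import into the primary node's CTL.
openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$WORK/req.cnf" \
  -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null

# issue_cert FQDN NAME: CA-signed certificate whose CN and SAN are FQDN, written
# to $WORK/NAME.pem (the shape of a node's HTTPS certificate).
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" -subj "/CN=$1" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$1" > "$WORK/$2.ext"
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 2 -extfile "$WORK/$2.ext" -out "$WORK/$2.pem" 2>/dev/null
}

# cert_matches_host CERT FQDN: exit 0 when the certificate's SAN (or CN) names
# FQDN; this is the same hostname matching a TLS client performs.
cert_matches_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# cert_chains_to_ctl CTL CERT: exit 0 when the CA bundle CTL validates CERT.
# -no-CAfile/-no-CApath make the bundle the only trust source, like a CTL.
cert_chains_to_ctl() {
  openssl verify -no-CAfile -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# report LABEL CMD...: run one check and print PASS/FAIL without aborting.
report() {
  label="$1"; shift
  if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; fi
}

issue_cert "$OLD_FQDN" n1      # certificate the lost node N1 used
issue_cert "$NEW_FQDN" n1a     # certificate issued for the new node N1A
: > "$WORK/empty-ctl.pem"      # a CTL into which the CA has not been imported yet

report "N1A cert names $NEW_FQDN"                cert_matches_host  "$WORK/n1a.pem" "$NEW_FQDN"
report "old N1 cert reused on $NEW_FQDN"         cert_matches_host  "$WORK/n1.pem"  "$NEW_FQDN"
report "old N1 cert still chains to the CA"      cert_chains_to_ctl "$WORK/ca.pem" "$WORK/n1.pem"
report "N1A cert validates against CTL with CA"  cert_chains_to_ctl "$WORK/ca.pem" "$WORK/n1a.pem"
report "N1A cert validates against empty CTL"    cert_chains_to_ctl "$WORK/empty-ctl.pem" "$WORK/n1a.pem"
```

Run it with sh. The old N1 certificate still chains to the CA but fails the hostname check, which is the situation in the opening question: the certificate is trusted, it just names the wrong node. The last line shows the CTL prerequisite from the other direction: a correctly named certificate is still rejected until the issuing CA is present in the bundle.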
