ISE NODE NOT REACHABLE when building distributed deployment

Similar Messages

• ISE 1.1.3.124 secondary node not reachable after registration

  G'day All,
  I'm constantly seeing that the sync and replication status for my secondary admin/monitor node in the primary node as node not reachable. The secondary still thinks it is in standalone mode. When I run the ISE diag tool connectivity tests I am able successfully ping the devices from each other using both hostname and ip and the nslookup also works fine between both nodes. Ping and nslookups also work from different networks within the environment. The two nodes are in the same vlan on a 6500 vss pair but on different switches of the pair. I'm new to ISE so any help is greatly appreciated.
  Thanks All.
  JS
  Sent from Cisco Technical Support iPhone App

  Hi Saurav,
  Thanks for your prompt repsonse...
  I have worked through that section of the document. The registration completes successfully, I've got NTP sync on both nodes and the system time on both nodes is identical.
  I am only using the self signed certificates, but following the user guide instructions I have imported the secondary's cert into the primary node.
  Just as of about 30 minutes ago, I saw an alarm on the Secondary ISE node stating that a Slow or Stuck Replication has been detected...
  As I said in the original post, I can ping the fqdn's from each other so it appears that the DNS requirements have been satisfied.
  I've changed the admin account password, I am certain that the ISE DB passwords are correct and the same on both nodes and the timezones for both nodes is the same also....
  It looks to me that registration is fine, but the first full replication isn't completing successfully
  Thanks,
  JS

• NODE-NOT-REACHABLE on ISE

  Primary ISE node (Serving Admin and Monitor personas) is showing two of the PSNs as "NODE-NOT-REACHABLE" under Replication Status on Deployment page on GUI. It can ping the PSNs and PSNs are actually registered to the Primary admin/monitor node. How can I fix this?
  Thanks,
  Kashish

  Hi,
  I found the issue on ny network and it was due to a different dns record.
  Simple way to check is issuing a dns lookup from admin node cli of the problem node. Then repeat from problem node attempting to resolve admin node.
  Then if that looks good you can issue the command on both nodes...
  Show logging application ise tail,
  That output should give you a listing of the nodes in the ise deployment and the ip addresses of each node.
  Thanks.
  Sent from Cisco Technical Support Android App

• Ise node not becoming standalone after deregistration

  I am seeing a weird problem.
  I deregistered secondary admin/monitor node from primary admin/monitor node. I see successfully deregistered message.
  But the deregistered node is still showing SEC(A) and SEC(M). It is not changing to standalone mode.
  This is disrupting the upgrade of distributed deployment of ISE nodes.
  Any clues?

  Bug details:
  Secondary node never becomes standalone after de-registration
  The secondary node is de-registered successfully but a "The following deregistered nodes are not currently reachable: . Be sure to reset the configuration on these nodes manually, as they may not revert to Standalone on their own." message appears to the administrator.
  Workaround   Log in to the administrator user interface with internal Cisco ISE administrator credentials when de-registering a node.
  Actually we had two accounts in web gui, nodes were registered using one account and during upgrade, i used different account , which triggered this bug.

• ISE 1.1.1 firewall rules distributed deployment

  My question is in reference to the following link:
  http://www.cisco.com/en/US/docs/security/ise/1.1.1/installation_guide/ise_app_e-ports.html
  Basically I am struggling in some areas to work out my firewall rules for a distributed deployment. The referenced documentation is not entirely clear in my opinion. In some instances it is easy to work out what ports need to be opened eg Admin node TCP 22,80,443 for management from administrator hosts/ranges. In other instances it difficult to work out eg TCP 1521 Database listener and AQ is this for ISE nodes only or for access devices aswell
  My question is whether there is a better document that details these requirements. What rules are meant to be ISE node - ISE node communications and which rules are for access device - ISE, or ISE - access device. One of the rules I am pretty confused about is the PSN CoA ports. SHould the rule be WLC - PSN on 1700 and 3799 or is it the otherway round or unidirectional?
  I am pretty sure that the ports are meant to be ISE-ISE in most instances barring the PSN for Radius and CoA.

  Try this for size.
  In answer to the specific CoA question, I see no need for the WLC to send CoA to PSN, so just PSN to WLC as far as I can see.
  You might be able to cut this list down, and you might have to add to it for any specific requirements.
  From PSN to AD (potentially all AD nodes):
  TCP 389, 3268, 445, 88, 464
  UDP 389, 3268
  From PSN to Monitoring nodes:
  TCP 443
  UDP 20514
  PSN to Admin Nodes (2Way):
  TCP 443, 1521
  ICMP echo and reply (heartbeat)
  WLC to PSN:
  TCP 443, 8443, 80, 8080
  UDP 1645, 1646, 1812, 1813, 1700, 3799, 161, 162, 9993, 67
  PSN to other PSN’s (2 way)
  UDP 30514, 45588, 45990
  Endpoint (Laptop) to PSN (Guest laptops just need to get to external PSN’s, internal users just to internal PSN’s)
  TCP 8443, 8905
  UDP 8905
  Admin/Sponsor to all ISE nodes:
  TCP 22, 80, 443, 8080, 8443
  UDP 161
  PSN access to DNS servers:
  TCP/UDP 53
  PSN access to NTP servers:
  UDP 123

• Getting Java error when build and deploy through eclipse designer.

  hello,
  My while activity looks like this -
  <while condition="bpws:getVariableData(&quot;integer&quot;)&lt;=count(bpws:getVariableData('GetRCItem-GetItemResponse', 'parameters', '/schemattwebservices:GetItemResponse/schemattwebservices:return/schemattwebservices:extendedFieldList[schemattwebservices:name=&quot;LIST_OF_TASKS&quot;]')/schemattwebservices:values)" name="ProcessRCTasks">
  It passes the validation but fails when I click on build and deploy.
  D:\dev\admin.console.trunk\workspace\ServiceFlow\temp\bpelc42058.tmp\BPEL-INF\src\bpel\p0\BPEL_BIN.java:2129: ';' expected.
  [bpelc] return "bpws:getVariableData("integer")<=count(bpws:getVariableData('GetRCItem-GetItemResponse', 'parameters', '/schemattwebservices:GetItemResponse/schemattwebservices:return/schemattwebservices:extendedFieldList[schemattwebservices:name="LIST_OF_TASKS"]')/schemattwebservices:values)" ;
  Please let me know what is wrong here and why is it giving me that java error? It should be better in reporting error and give it in BPEL terms.
  - Meghana

  I switched my compiler to use Oracle's bundled jre but I still get following 2 errors -
  [bpelc] D:\dev\admin.console.trunk\workspace\ServiceFlow\temp\bpelc33065.tmp\BPEL-INF\src\bpel\p0\BPEL_BIN.java:2129: ';' expected.
  [bpelc] return "bpws:getVariableData("integer")<=count(bpws:getVariableData('GetRCItem-GetItemResponse', 'parameters', '/schemattwebservices:GetItemResponse/schemattwebservices:return/schemattwebservices:extendedFieldList[schemattwebservices:name="LIST_OF_TASKS"]')/schemattwebservices:values)" ;
  [bpelc] ^
  [bpelc] D:\dev\admin.console.trunk\workspace\ServiceFlow\temp\bpelc33065.tmp\BPEL-INF\src\bpel\p0\BPEL_BIN.java:2982: ';' expected.
  [bpelc] return "bpws:getVariableData("index2")<=count(bpws:getVariableData('GetRCTaskItem-GetItemResponse', 'parameters', '/schemattwebservices:GetItemResponse/schemattwebservices:return/schemattwebservices:extendedFieldList[schemattwebservices:name="ZMF_PACKAGES"]')/schemattwebservices:values)" ;
  [bpelc] ^
  [bpelc] 2 errors
  Any idea? I have already pasted my while condition which has this condition on it. Second while is similar to first one.
  Thank you.
  - Meghana

• Clusterware Installation (Nodes not reachable....) 10G R2 on Windows

  Hello Guys,
  I am struck with this problem for quite a long time... I am installing Oracle Clusterware 10G R2 on windows 2000 operating system.
  Well i have setup my public, private and virtual IP correctly, i can ping anyone of them.
  During installation when it comes to the screen "Specify Cluster Configuration" i have entered the correct information of IPs on each node BUT when i click next button it says "
  The following nodes do not appear to be reachable
  rac1-vip
  rac2-vip
  Please check that nodes in the list are up and reachable
  while i can ping rac1-vip.beaconhouse.edu.pk and rac2-vip.beaconhouse.edu.pk from both nodes and also the underlying IPs of these names.
  Please help me to come out of this problem as i am struk with it.... cant continue installation while i have checked everything again and again...
  Please Help...
  Regards,
  Imran Baig

  This thread has already been answered at the DB General forum here: Re: During RAC Installation (Following Nodes do not appear to be reachable.
  ~ Madrid

• Embedded fonts not displaying when building project via mxmlc

  I have a flex 3 project and I'm trying to upgrade it to flex 4.6 sdk. I have a number of embedded fonts in my application. These display fine when I build via Eclipse/Flash builder. When I build using mxmlc the embedded fonts are not being used. I build the fonts in the same way for both so I am assuming there is some compiler option which I am missing, or which I have that is causing the problem. I've tried every compiler option I can think of and now I'm at a dead end...
  <target name="compile" depends="getswcs, compilemodules"> 
       <echo message="mxmlc=${mxmlc}"/>
       <echo message="flex.lib.dir=${flex.lib.dir}"/>
       <echo message="flex.extlib.dir=${flex.extlib.dir}"/>
       <echo message="flex.locale=${flex.locale}"/>
       <echo message="flex.locale.dir=${flex.locale.dir}"/> 
       <exec executable="${mxmlc}" dir="${basedir}" failonerror="true">
            <arg line="'src/${main}'" />
            <arg line="-o 'bin/${component.lowercase.name}.swf'" />
            <arg line="-l+='${flex.lib.dir}'" />
            <arg line="-sp src" /> <arg line="-accessible" />
            <arg line="-strict" />
            <arg line="-el '${flex.extlib.dir}'" />
            <arg line="-compatibility-version=3.0.0" />
            <arg line="-target-player '11.1'" />
            <arg line="-include-libraries+=lib" />
            <arg line="-locale ${flex.locale}" />
            <arg line="-l+='${flex.locale.dir}'" />
       </exec> 
  </target>
  The compileModules builds my fonts, for example:
  <exec executable="${mxmlc}" dir="${basedir}" failonerror="true">
       <arg line="fonts/OCRAEXT.as" />
       <arg line="-static-link-runtime-shared-libraries" />
       <arg line="-o bin/lib/OCRAEXT.swf" />
  </exec>`
  as file:
  public class OCRAEXT extends Sprite {
       [Embed(source='OCRAEXT.TTF', fontName='_OCRAEXT', embedAsCFF='false', unicodeRange='U+0030-U+0039,U+002E,U+002F,U+20AC')]
  public static var font:Class; }
  I don't think there's an issue here, since the fonts are already built via my compileModules before building the application in Eclipse, where the fonts display correctly.

  Try comparing SWF sizes and link-reports.

• Tree nodes not updating when stopEditing called

  I am getting some unusual issues with trees and inline editing. I have added my own component, a JPanel with a text field, check box and combo box. When the user edits or adds a new item to the tree, the editor shows up fine. When they click off of the node, I have it set to ACCEPT the edit (not cancel it). When ESC is pressed, everything is fine. When they click off of a node while adding/editing, the item is saved properly to the node, but it's not until I click on another node that the node just edited gets redrawn. Also, I added my won keyPressed handler so that if they hit ENTER or any of the components for my custom editor, it calls tree.stopEditing() as if they clicked off of it, to accept it. Both cases, the node doesn't get redrawn.
  When I put a tree.updateUI() at the end of the stopEditing() or cancelEditing() method, I get a nice fast stack trace from the BasicUI@MouseListner:handleListSelection. So it appears calling tree.updateUI() while inside of a method being handled due to an evetn, causes problems. My guess is that firing off another event while inside of an event handler may not be allowed?
  When I try tree.repaint() and tree.invalidate(), it seems to work when I click off of the node, but when I press ENTER on my custom editor, which calls the same stopEditing() method as clicking off of a node does, it doesn't repaint.
  Any help would be appreciated? I update the panel the tree is in as well, so I am lost as to why it wont update properly.

  here is the stack trace I get. Man this bugs me, it doesn't seem to break anything, yet it keeps showing up:
  java.lang.NullPointerException
       at javax.swing.plaf.basic.BasicTreeUI$MouseHandler.handleSelection(BasicTreeUI.java:2815)
       at javax.swing.plaf.basic.BasicTreeUI$MouseHandler.mousePressed(BasicTreeUI.java:2801)
       at java.awt.AWTEventMulticaster.mousePressed(AWTEventMulticaster.java:218)
       at java.awt.Component.processMouseEvent(Component.java:5131)
       at java.awt.Component.processEvent(Component.java:4931)
       at java.awt.Container.processEvent(Container.java:1566)
       at java.awt.Component.dispatchEventImpl(Component.java:3639)
       at java.awt.Container.dispatchEventImpl(Container.java:1623)
       at java.awt.Component.dispatchEvent(Component.java:3480)
       at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:3450)
       at java.awt.LightweightDispatcher.processMouseEvent(Container.java:3162)
       at java.awt.LightweightDispatcher.dispatchEvent(Container.java:3095)
       at java.awt.Container.dispatchEventImpl(Container.java:1609)
       at java.awt.Window.dispatchEventImpl(Window.java:1590)
       at java.awt.Component.dispatchEvent(Component.java:3480)
       at java.awt.EventQueue.dispatchEvent(EventQueue.java:450)
       at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:197)
       at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:150)
       at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:144)
       at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:136)
       at java.awt.EventDispatchThread.run(EventDispatchThread.java:99)

• Jpeg image loaded with Loader- loadBytes() does not display when app is deployed on remote server

  I am loading a JPEG  image from the server, using the Loader->loadBytes() and that works when the app is deployed under my local Tomcat server.  When I deploy it on other servers the image is not displayed,  instead of the image I see II*
  On the server side I have java, Spring, BlazeDs and I use RemoteObject on the client.
  The code that loads the image looks like below:
  private function imageLoadResultHandler(event:ResultEvent):void {
      var result:ArrayCollection = event.result as ArrayCollection
      var bytes : ByteArray = result.getItemAt(0) as ByteArray;
      _loader = new Loader();
      _loader.contentLoaderInfo.addEventListener(Event.COMPLETE, loaderCompleteHandler);
      _loader.contentLoaderInfo.addEventListener(IOErrorEvent.IO_ERROR, loaderFaultHandler);
      _loader.loadBytes(bytes);
  private function loaderCompleteHandler(event:Event):void {
      var loaderInfo:LoaderInfo = event.currentTarget as LoaderInfo;
      var img:Image = new Image();
      img.source = loaderInfo.content;
      myPanel.addChild(img);
  <mx:RemoteObject id="ro" destination="imageLoadService">
       <mx:method name="loadImage" result="imageLoadResultHandler(event)" fault="faultHandler(event)" />
  </mx:RemoteObject>
  Any help with this problem is much appreciated.
  Thank you,
  Lumi Velicanu

  Hi Dmitri,
  Thank you for the prompt reply, your question about the jpeg content was a helpful pointer.
  I solved the problem, it had nothing to do with flex, it was all on the java side. The image was obtained from converting a TIFF to a JPEG, the conversion was failing and the flex loader was receiveing a tiff and it did not know how to display it.
  The java problem was kind of interesting, I'll post it here as an FYI in case anybody cares :
  On my server the first writer returned by ImageIO was an instance of JPEGImageWriter and on the other servers was CLibJPEGImageWriter. And it happens that  only JPEGImageWrite can write the type of TIFF that we are having.
  The fix was to iterate through all the writers and pick the instace of JPEGImageWrite, instead of the first one found.
  Lumi

• Encore cs5 motion menus not working when build to flash

  Hello my question is this, I have created a dvd in encore cs5. I have created motion menus in AE.
  Everything works great when I build to DVD. However when I export to flash my animated menu is working but the buttons (play move, chapter select , extras) do not show up until the animation is complete. Is this a simple fix? or should I make the menus static?

  Hmm... what version of the Flash Player are you testing with
  (full version, including release number)? You can find out which
  version you're using here:
  http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_15507
  -Robert

• Wifi related files not found when building cyanogenmod 7.2

  Hi all,
  I try to build cyanogenmod 7.2 for my Neo following the "build for hallon" wiki.
  Before building the system together, I'm supposed to extract Sony proprietary blobs from the phone using ./extract-files.sh.
  My Neo is rooted and the bootloader is unlocked.
  I'm running Sony ROM 4.0.2.A.0.62.
  When retrieving the files, I get the following messages for three of them :
  remote object '/system/etc/wifi/tiwlan.ini' does not exist
  remote object '/system/etc/wifi/tiwlan_firmware.bin' does not exist
  remote object '/system/etc/wifi/softap/tiwlan_firmware_ap.bin' does not exist
  Could somebody tell me whether it's a problem and what to do ?
  Are those files needed (for 2.3.x) ? If yes, how can I get them ?
  Regards,
  Laurent

  This is not my area of expertise but i recommend that you check the following thread for advise if you haven't done so already: http://forum.xda-developers.com/showthread.php?t=1205141.
  I'm also moving your thread to Android development.
   - Official Sony Xperia Support Staff
  If you're new to our forums make sure that you have read our Discussion guidelines.
  If you want to get in touch with the local support team for your country please visit our contact page.

• Datasource drop down is not available when trying to deploy epma app

  greetings,
  i created a datasource for Planning. The app in the app library has been created, and validates correctly. When I try to deploy, after entering all parameters in the 'deploy' window, the datasource drop down shows blank.
  When I try to create a new one from the same window (although I created one earlier), I get an error msg that Special characters are not allowed.
  There are no special characters, the sql server info I enter is SERHYPC3\SQLins3, along with the DB and user name, which are all standard ascii chars.
  Anyone that's come accross, pls let me know. Many thanks.
  cg

  Am I correct in assuming that your SQL server instance is a named instance and not the default? If so maybe that is causing an issue.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• .jar not working when building project with netbeans plugin and log4j

  hey..
  subject tells everything..if i build my project referencing log4j, i get a .jar file with 280 kb which is executable
  if i add log4j and do some logging, code still works in netbeans, but buildung produces a .jar with 80 kb and an
  attached lib-folder with the log4j.jar in it..if i uncheck copy requested libraries, i just get the 80 kb .jar file which
  is not working
  any hints?

  Are you building the jar file using the fxdeploy ant task to build the Jar? That is required to have an executable jar file.
  Also there was a change to the netbeans project structure, which may be a contributing factor.
  Things to try: Upgrade to the latest netbeans 7.1 beta build, set up a new Java platform in nb that includes JavaFX, create a new JavaFX project and build it. This should produce an executable jar.

• Browse Sequencing Not Displaying When Help is Deployed

  I see the Browse Sequence, but when the .chm is deployed in
  the DEV environment, no other user sees it. Why would this happen?
  Thanks.

  Hi, thegup55,
  I believe you may need to install and register the file
  HHActiveX.dll in order for browse sequences and other RoboHelp
  add-ons to function. See this Knowledge Base article:
  http://kb.adobe.com/selfservice/viewContent.do?externalId=rb_35580
  Pete