ISE Troubleshooting and Best Practices/FAQ

Frequently Asked Questions

1. I am able to ping ISE but the GUI doesn't open

Resolution:

Step1: Logon to ISE CLI either by ssh or vmware Console

ISE/admin# show application status ise

ISE PROCESS NAME                       STATE            PROCESS ID

--------------------------------------------------------------------

Database Listener                      running          18828

Database Server                        running          52 PROCESSES

Application Server                     Initializing        22401

Profiler Database                      running          20322

ISE Indexing Engine                    running          22811

AD Connector                           running          24430

M&T Session Database                   running          20230

M&T Log Collector                      running          23715

M&T Log Processor                      running          23603

Certificate Authority Service          running          23110

EST Service                            running          11077

SXP Engine Service                     running          23543

TC-NAC Docker Service                  disabled

TC-NAC MongoDB Container               disabled

TC-NAC RabbitMQ Container              disabled

TC-NAC Core Engine Container           disabled

VA Database                            disabled

VA Service                             disabled

pxGrid Infrastructure Service          disabled

pxGrid Publisher Subscriber Service    disabled

pxGrid Connection Manager              disabled

pxGrid Controller                      disabled

PassiveID Service                      running          24199

DHCP Server (dhcpd)                    disabled

DNS Server (named)                     disabled

IT MAY TAKE UPTO 20 MINUTES FOR THE ISE TO COMPLETE BOOT AND START THE APPLICATION SERVER

2. I am unable to join AD domain from ISE, it gives me a time skew error.

Resolution:

Step1: Make sure that the time on ISE and time on AD are synced

a.) If ISE Is using NTP sever, check the NTP status, see output below

ISE/admin# sho ntp

Configured NTP Servers:

150.1.7.232

synchronised to NTP server (150.1.7.232) at stratum 3

   time correct to within 80 ms

   polling server every 1024 s

     remote           refid      st t when poll reach   delay   offset jitter

==============================================================================

127.127.1.0     .LOCL.          10 l 40h   64    0    0.000    0.000   0.000

*150.1.7.232     150.1.7.231      2 u 519 1024 377    1.241   -0.634   2.987

* Current time source, + Candidate , x False ticker

Warning: Output results may conflict during periods of changing synchronization.

ISE/admin# show clock

Mon Nov 26 01:01:07 UTC 2018

ISE/admin#

b.) Logon to the active directory server and verify the time and timezone in the task bar

Step2: If you dont have a NTP server, then manually set the time on ISE using the following command to match the time on your active directory server

ISE Troubleshooting and Best Practices/FAQ

Frequently Asked Questions

1. I am able to ping ISE but the GUI doesn't open

Resolution:

2. I am unable to join AD domain from ISE, it gives me a time skew error.

Resolution:

Quick Video on how to integrate Active directory with ISE

3. The status of the ISE application server is stopped, what do I do ?

Resolution:

Videos on how to use ISE

Basic Service Verification ( DNS, NTP)

Get Your Self Familiarized with ISE2.1

ISE2.1 Disable Profiling

Contact Info

Services

Support