Solved: Re: ISE v2.4 context visibility issue

Rey- · ‎10-02-2018

Hello,

We have two ISE nodes deployed (I believe in distributed model). They are running v2.4.0.357 (with ISE patch v2). When browsing to the context visibility, we get the following error:

Has anyone run into this same error?

I noticed another discussion with a similar post, but seems a bit different than this one. Was trying to get further info, so when accessing the ISE cli, tried a couple of cmds.

Here is output I see from ISE cli about the application status:

Is the above indicative of expected behavior?

In the tech zone article, came across this:

https://techzone.cisco.com/t5/Identity-Services-Engine-ISE/Context-Visibility-Issues-in-latest-2-x-patches/ta-p/1160469

but based on techzone, when I enter the ISE cli and check the application ise-elasticsearch.log, I don't see the same errors. So not sure if it could be related or something very different.

Is there a way to access the ISE linux shell?

Is a patch or ISE re-install needed?

(note, I didn't update or patch the ISE. if this is needed, does anyone have guidance on where I can access the patches)

Thanks in advance!

Rey- · ‎10-18-2018

Thanks everyone for the help. We figured out what the problem was. So we are using two ISE nodes (primary and secondary) and it seems like the secondary had it's system/trusted certs installed correctly, but the primary ISE node somehow didn't have its trusted cert added correctly. So we went to system certs, exported and reimported via the trusted certs. This fixed the context visibility issue.

We didn't need to reset ISE or reinstall or patch anything further.

View solution in original post

anthonylofreso · ‎10-02-2018

I have not encountered this. Although we run ISE 2.2 vs 2.4 so I may not be the best to answer.

Just going off the error message you show here... what does your Administration > System > Certificates page look like? Trusted & System Certs.

Rey- · ‎10-03-2018

This is what we have for now..

and

Could it be something we are missing?

Nidhi · ‎10-02-2018

This was discussed sometime back here with few suggestions - https://community.cisco.com/t5/cisco-bug-discussions/cscvd38251-unable-to-load-context-visibility-page/td-p/3067112

Kelvin- · ‎10-17-2018

Hi, One reason this can occur is due to not having PTR records on the DNS Server for the nodes. Please check the Forward and Reverse DNS entries and see if this resolves the issue. Thanks Kelvin

Rey- · ‎10-18-2018

Thanks everyone for the help. We figured out what the problem was. So we are using two ISE nodes (primary and secondary) and it seems like the secondary had it's system/trusted certs installed correctly, but the primary ISE node somehow didn't have its trusted cert added correctly. So we went to system certs, exported and reimported via the trusted certs. This fixed the context visibility issue.

We didn't need to reset ISE or reinstall or patch anything further.

BettyTsai · ‎03-14-2021

HI Rey

all system certificates exported and imported?

I'm here 2.6.0.156 v01 suffer from the same problem