You're here probably because of the message you seeing in ISE about Indexing Engine service that failed to start:
And if you log in into CLI and execute show application status ise you see this on your Admin nodes (PAN):
ISE PROCESS NAME STATE PROCESS ID
--------------------------------------------------------------------
Database Listener running 19919
Database Server running 111 PROCESSES
Application Server running 27686
Profiler Database running 25182
ISE Indexing Engine not running The backup is also not created due to failing indexing process:
I have a multi-node deployment with two nodes (primary and secondary) with PAN, PSN and MNT personas. I've looked thru many topics on Cisco community forum and found no answer about how to fix this. Common recommendation in this case is to check:
- NTP sync status and time-zone setting;
- if DNS is properly set and working, you should have PTR records for ISE nodes that have PAN role running;
- that all nodes have proper Admin certificates installed (they could be self-signed).
The last advice - is to open a TAC case. After I checked and then double-checked all of that I still had that service in not running state.
And then I found a fresh (relatively) bug in BST - CSCve24378.
Symptom:
Indexing engine checks for reverse DNS entries and remains in stopped state in cluster.
Reverse DNS lookup has to be working in order for the Indexing engine on the Secondary node to join the Indexing engine running on the Primary.
Conditions:
It is noticed on ISE 2.1 path 3
Workaround:
Manually define admin entries using cli hostname command.
Further Problem Description:
ISE 2.1 patch 3
Quick look for ISE CLI reference guide gave me ip host command that can be used to associate IP to FQDN. So I entered it on both servers referencing to each other.
Make sure you read command reference before changing something in your environment!
# ISE01
(conf-t)# ip host 10.0.4.2 ise02 ise02.lab.local
Add Host alias was modified. You must restart ISE for change to take effect.
Do you want to restart ISE now? (yes/no) yes
Stopping ISE Monitoring & Troubleshooting Log Processor...
PassiveID WMI Service is disabled
PassiveID Syslog Service is disabled
PassiveID API Service is disabled
PassiveID Agent Service is disabled
...# ISE02
(conf-t)# ip host 10.0.4.1 ise01 ise01.lab.local
Add Host alias was modified. You must restart ISE for change to take effect.
Do you want to restart ISE now? (yes/no) yes
Stopping ISE Monitoring & Troubleshooting Log Processor...
PassiveID WMI Service is disabled
PassiveID Syslog Service is disabled
PassiveID API Service is disabled
PassiveID Agent Service is disabled
...And after application restart I have it up and running:
ISE PROCESS NAME STATE PROCESS ID
--------------------------------------------------------------------
Database Listener running 20250
Database Server running 104 PROCESSES
Application Server running 28024
Profiler Database running 25510
ISE Indexing Engine running 29912 Success!
