Guest

Preview Tool

Cisco Bug: CSCvt27360 - [CFD] ISE integration failing - While decrypting bad credentials are returned by credmanager service

Last Modified

Oct 29, 2020

Products (1)

  • Cisco DNA Center

Known Affected Releases

DNAC1.3.1.3

Description (partial)

Symptom:
The Cisco DNA Center to ISE Integration may fail.  While decrypting, bad credentials are returned by the credential-manager service.

The network-design-service logs indicate the failure:

|  1218|  2020-03-02 07:12:15,954 |      INFO | pool-4-thread-1              |    | c.c.a.c.e.c.CloseableHttpClientUtils | Making an api call: GET xxxxx://OCP-POP-C1-PAN1.expo.local:9060/ers/config/node|
|  1219|  2020-03-02 07:12:15,995 |      INFO | pool-4-thread-1              |    | c.c.a.c.e.c.CloseableHttpClientUtils | Trying Secondary ISE SCP-POP-C2-PAN2.expo.local |
|  1220|  2020-03-02 07:12:15,996 |      INFO | pool-4-thread-1              |    | c.c.a.c.e.c.CloseableHttpClientUtils | Decrypting Password when password has not changed. |
|  1221|  2020-03-02 07:12:16,025 |      INFO | pool-4-thread-1              |    | c.c.a.c.e.c.CloseableHttpClientUtils | Making an api call: GET xxxxx://SCP-POP-C2-PAN2.expo.local:9060/ers/config/node|
|  1222|  2020-03-02 07:12:16,090 |     ERROR | pool-4-thread-1              |    | c.c.a.c.e.c.CloseableHttpClientUtils | Incorrect username/password. The ISE username/password on Cisco DNA Center must match the admin username/password on ISE |
|  1223|  2020-03-02 07:12:16,090 |      INFO | pool-4-thread-1              |    | c.c.a.c.e.c.CloseableHttpClientUtils | Updating trust state of PRIMARY OCP-POP-C1-PAN1.expo.local (x.x.x.x) to UNTRUSTED |
|  1224|  2020-03-02 07:12:16,102 |     ERROR | pool-4-thread-1              |    | c.c.a.c.e.c.CloseableHttpClientUtils | Incorrect username/password. The ISE username/password on Cisco DNA Center must match the admin username/password on ISE |
|  1225|  2020-03-02 07:12:16,102 |      INFO | pool-4-thread-1              |    | c.c.a.c.e.c.CloseableHttpClientUtils | Updating trust state of SECONDARY SCP-POP-C2-PAN2.expo.local (x.x.x.x) to UNTRUSTED |
|  1226|  2020-03-02 07:12:18,274 |      INFO | SimpleAsyncTaskExecutor-1    |    | c.c.a.i.d.s.n.h.GroupByClassMessageHandler | Reached GroupByClassMessageHandler |

Conditions:
This was observed in Cisco DNA Center 1.3.1.3 (in a 3-node cluster), integrated with ISE 2.4.0.257 Patch 9.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.