Guest

Preview Tool

Cisco Bug: CSCvt89098 - ISE does not reattempt wildcard replication for failed nodes

Last Modified

Jul 13, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.4(0.911) 2.6(0.906)

Description (partial)

Symptom:
In a number of different cases and scenarios, wildcard replication can fail for only a subset of the nodes in an ISE deployment. 

An impactful use-case that come to mind where this can be problematic:

The existing wildcard is replacing an old wildcard.  Nodes that succeed will have the new wildcard, while nodes that fail have to the old wildcard.  If this certificate is in use for the admin role, simply re-uploading the certificate and having it replicate to all nodes again is a time-consuming and service impactful for customers.

Conditions:
Wildcard certificate requires that the certificate is replicated to ALL nodes.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.