Guest

Preview Tool

Cisco Bug: CSCvu87742 - ISE unable to authenticate to ACI due to wrong hostname when changing to a Third Party Certificate

Last Modified

Sep 04, 2020

Products (1)

  • Cisco Identity Services Engine

Known Affected Releases

2.3(0.297)

Description (partial)

Symptom:
When configuring ACI in ISE for sxp integration, authentication fails due to the following error messages in the sxp.log
ISE: Work Centers>Trust sec>Settings>ACI Settings

2020-07-10 11:38:41,880 INFO  [StartApicPSN] com.cisco.cpm.apic.ApicMgr:528 -  Use APIC X.X.X.X on PSN
2020-07-10 11:38:41,880 INFO  [StartApicPSN] com.cisco.cpm.apic.ApicMgr:533 -  Authentication to APIC 14.2.165.152 on PSN
2020-07-10 11:38:41,880 INFO  [StartApicPSN] com.cisco.cpm.apic.ApicCommunicator:65 -  Authenticate APIC 14.2.165.152 admin name admin
2020-07-10 11:38:42,969 DEBUG [StartApicPSN] cisco.cpm.apic.schema.RestClient:443 -  Check if this is self sign APIC certificate
2020-07-10 11:38:42,969 DEBUG [StartApicPSN] cisco.cpm.apic.schema.RestClient:453 -  It isn't self sign APIC certificate
2020-07-10 11:38:42,974 ERROR [StartApicPSN] com.cisco.cpm.apic.ApicCommunicator:94 -  APIC authentication failed HTTPS hostname wrong:  should be <apic1>
2020-07-10 11:38:42,974 INFO  [StartApicPSN] com.cisco.cpm.apic.ApicMgr:565 - Wait for 60 seconds from PSN ...
2020-07-10 11:38:48,646 DEBUG [sxpservice-http-96443] cisco.ise.sxp.rest.DebugFilter:30 - ENTERING DEBUG FILTER
2020-07-10 11:38:48,649 DEBUG [sxpservice-http-96443] cisco.ise.sxp.rest.SxpGlueRestAPI:524 - list engine info

Conditions:
Changing the ACI server under  TrustSec>Settings>ACI Settings
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.