URLKUZE (Customer) asked a question.

Monitor node secret mismatch between agent and server?

Dear Community,

We recently had an issue after upgrading our ISE deployment: the shared secret between the agent (ISE) and the server had to be manually cleared for all ISE nodes. We identified the issue in the real-time Activity Monitoring, with messages like the ones below:

Node secret verification        Verifying node secret for the agent “ISE1” with IP address “10.1.1.1” in security domain “SystemDomain”        Node secret mismatch: cleared on server but not on agent

Node secret sent        Node secret sent to agent “ise1” with IP address “10.1.1.1” in security domain “SystemDomain”        N/A

I’m looking for a way to monitor, or at least get alerted, in case a node secret issue is happening. Looking at the SNMP MIB, I don’t see any relevant OIDs about that, and I wonder if SNMP traps (at any level) would be triggered if the issue occurs again. Do you have any information or advice on how to achieve this?

Thank you for your help.
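Since the only trace of the problem the poster found was the pair of activity-monitor messages quoted above, one practical way to get alerted is to watch those messages as text. The following is an added example, not code from the post or from RSA: it assumes the activity entries are available as lines with three fields (event, description, result) separated by tabs or runs of spaces, exactly as they appear in the question, and that the server can be made to write those lines somewhere a script can read them. The sample lines are constructed for the example; the "Node secret verified" result wording is made up, and treating a "Node secret sent" event after a mismatch as the secret having been re-issued is this example's own interpretation.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed sample input, modelled on the two messages quoted in the question.
# Field separator is assumed to be a tab or a run of two or more spaces.
SAMPLE_LINES = [
    'Node secret verification\tVerifying node secret for the agent “ISE1" with IP address '
    '“10.1.1.1” in security domain “SystemDomain”\tNode secret mismatch: cleared on server but not on agent',
    'Node secret sent        Node secret sent to agent “ise1" with IP address “10.1.1.1” '
    'in security domain “SystemDomain”        N/A',
    # Constructed "healthy" verification line; the result wording is an assumption.
    'Node secret verification\tVerifying node secret for the agent "ISE2" with IP address '
    '"10.1.1.2" in security domain "SystemDomain"\tNode secret verified',
    # Unrelated event, should be ignored.
    'Authentication\tUser "alice" authenticated with token\tSuccess',
]

FIELD_SPLIT = re.compile(r"\t|\s{2,}")
# Accept both straight and curly quotes; the page itself mixes them.
AGENT_RE = re.compile(r'agent\s+["“](?P<agent>[^"”]+)["”]\s+with IP address\s+["“](?P<ip>[^"”]+)["”]')


@dataclass(frozen=True)
class NodeSecretEvent:
    event: str
    agent: str
    ip: str
    result: str

    @property
    def is_mismatch(self) -> bool:
        return "node secret mismatch" in self.result.lower()


def parse_line(line: str) -> Optional[NodeSecretEvent]:
    """Return a NodeSecretEvent for 'Node secret ...' lines, None for anything else."""
    parts = [p.strip() for p in FIELD_SPLIT.split(line.rstrip())]
    if len(parts) < 3 or not parts[0].lower().startswith("node secret"):
        return None
    m = AGENT_RE.search(parts[1])
    if not m:
        return None
    return NodeSecretEvent(parts[0], m.group("agent"), m.group("ip"), parts[2])


def find_mismatches(lines: Iterable[str]) -> List[NodeSecretEvent]:
    """All node secret verification events whose result reports a mismatch."""
    return [e for e in (parse_line(l) for l in lines) if e is not None and e.is_mismatch]


def alert_messages(lines: Iterable[str]) -> List[str]:
    """One alert per (agent, ip); agent names are compared case-insensitively
    because the server logs the same agent as 'ISE1' and 'ise1'."""
    seen = set()
    alerts = []
    for e in find_mismatches(lines):
        key = (e.agent.lower(), e.ip)
        if key in seen:
            continue
        seen.add(key)
        alerts.append(f"ALERT node secret mismatch: agent={e.agent} ip={e.ip} result={e.result!r}")
    return alerts


def node_secret_status(lines: Iterable[str]) -> Dict[str, str]:
    """Last known node secret state per agent IP.

    'mismatch' -> a mismatch was reported and nothing has happened since;
    're-sent'  -> the server sent a new secret after a mismatch (assumed to mean recovery);
    'sent'     -> a secret was sent with no preceding mismatch;
    'ok'       -> verification events only, none reporting a mismatch.
    """
    status: Dict[str, str] = {}
    for e in (parse_line(l) for l in lines):
        if e is None:
            continue
        if e.is_mismatch:
            status[e.ip] = "mismatch"
        elif e.event.lower() == "node secret sent":
            status[e.ip] = "re-sent" if status.get(e.ip) == "mismatch" else "sent"
        else:
            status.setdefault(e.ip, "ok")
    return status


if __name__ == "__main__":
    for msg in alert_messages(SAMPLE_LINES):
        print(msg)
    print(node_secret_status(SAMPLE_LINES))
```

Feed the script the activity entries as they are written (tail the file, or pipe them from wherever the server is configured to deliver them) and route `alert_messages` into whatever alerting you already run; `node_secret_status` is useful to distinguish an agent that is still broken from one the server has already re-secured.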


  • Instead of putting all kinds of tools in place, why don't you find the admin who is clearing the node secret and tell them to stop? Clearing node secrets is not a valid troubleshooting tool. Node secrets don't get deleted by themselves.

  • URLKUZE (Customer)

    I’m positive the shared secrets were not manually cleared by someone, but we had to do it after the ISE nodes were upgraded and rebooted, because the communication between our ISE and SecurID instances was not working anymore, and the error message above about the node secret mismatch could be seen in the real-time activity logs. Besides, I encountered the same issue myself in the past during a maintenance window on our SecurID deployment, and I know no one had cleared the shared secret then either.

    Looking at the report logs and monitoring tools we have, we had no indication of a node secret mismatch; the only logs I could find were in the real-time activity logs during our maintenance window. That’s why I allowed myself to post a question here, to see if people (RSA or customers) have had the same issue or any relevant tips about monitoring the shared secret.
  • I am standing by my answer. Node secrets don't delete themselves. To clear a node secret, the administrator either has to clear the node secret from the agent entry or delete and then re-add the agent entry.

    Selected as Best