Cisco Identity Services Engine

Identity Services Engine FAQ

Document ID: 113607

Updated: Jul 09, 2012



This document provides answers to the most frequently asked questions (FAQs) related to Cisco Identity Services Engine (ISE) 1.1 and later.

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Q. Can I authenticate the ISE Administrator from an external database?

A. In Cisco ISE Release 1.1, you have an option to provide administrator user authentication via an external identity store such as Active Directory, LDAP, or RSA SecurID. This can be done using the administrator user interface GUI.

Q. Can I authenticate the ISE Administrator from an external identity store using the CLI?

A. No. Currently this feature is not supported in Cisco ISE 1.1 Software Release.

Q. Is it possible to specify ISE to only use NTP with authentication?

A. Beginning with ISE 1.1, you can select if ISE should use only authenticated NTP servers and you can enter one or more authentication keys for that purpose.

Q. What is the character length of the hostname that can be assigned to ISE when it is integrated to Active Directory?

A. It is important to limit Cisco ISE hostnames to 15 characters or less in length if you use Active Directory on your network. Active Directory does not validate hostnames larger than 15 characters. This can cause a problem if you have multiple ISE hosts in your deployment whose hostnames are identical through the first 15 characters, and are only distinguishable by the characters that follow.

Q. Is it possible to customize the email and print options on the Sponsor Portal in order to add a logo and change the font style?

A. Currently, for the Guest User account email/print option, there is no possibility to include a logo or change the font on that page. Adding the logo feature is possible only for the Guest Portal from Admin > Guest Management > Settings > General > Portal Theme. Refer to Creating a custom portal theme for more information.

Adding a logo is not possible via the email/print option for Guest User account. For the font option, there is an enhancement request raised. Refer to Cisco bug ID CSCua18834 ( registered customers only) for more information.

Q. Is it possible to send the guest account details elsewhere before they are purged so that they can retain company/email/phone number/name details? The guest reports appear to show the username, but not the email address, phone number, company, etc. Is there a way to view and export these extra details?

A. Currently, this is not supported. Refer to Cisco bug ID CSCty82007 ( registered customers only) for more information.

Q. I receive the SoftDog:Unexpected close, not stopping watchdog! error message when iPEP is configured on the secondary box and cannot access the standby iPEP devices. What does this mean?

A. This error message can occur when the heartbeat packets are unable to negotiate. This is not going to adversely affect the services and can be considered as a cosmetic issue. In order to resolve this, reload the standby ISE.

Q. My GUI password for ISE has expired. What can I do?

A. In order to reset the password, login to the CLI and run the application reset-passwd ise <username> command. This resets the GUI password for ISE.

Q. I have created the 30-day and 60-day accounts for guests, but the limit still does not go past 10 days. What can I do?

A. Despite the Guest Account configuration, the sponsor group can have a maximum duration of the account setting which overrides the settings on accounts created by sponsors in that group. Make sure the maximum duration extends out to 60 days.

Related Information

Updated: Jul 09, 2012
Document ID: 113607