THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
|Affected OS Type
||Affected Release Number
2.0.1, 2.0, 2.2.0, 2.1.0
||ISE /var/cache/logwatch temp files are not removed|
A Cisco Identity Services Engine (ISE) node where the root (/) partition is filled might not allow the admin access through an SSH or console connection. In addition, the ISE node might not be able to join an Active Directory or end users might not be able to establish a new authentication session. Subject to the persona of the node (that is, PAN/MnT/PxGrid/PSN), the impact can be local to the node or the entire deployment.
The Linux Logwatch utility generates logs available from /var/log, each of which is 2MB in size. The logs are not properly deleted, which occupies free space in the root partition, and eventually causes the root partition to run out of space.
ISE generates an alarm, similar to this example, which can be viewed through the admin GUI.
The ISE system is experiencing High Disk Space Utilization
Check if the system has sufficient resources, Check the actual amount of work on the system for
example, no of authentications, profiler activity etc.., Add additional server to distribute
CLI system message seen upon log in:
"Unable to launch ADE-OS shell. Disk full."
In order to fix this problem, upgrade or patch to these ISE software versions:
- ISE 2.0 Patch 5 or later
- ISE 2.1 Patch 5 or later
- ISE 2.2 Patch 1 or later
- ISE 2.3 or later
If this error occurs when an attempt is made to apply a patch in the administration web user interface, then the ISE root partition is already full and cannot proceed with the patch installation. For further assistance, contact the Cisco Technical Assistance Center (TAC).
Administration Web User Interface Error
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.