Whether a server is alive is determined after sending an environment-data or an SGACL request to Cisco ISE. There is no liveliness
detection phase after a server is configured or downloaded as part of a server list. The default server status is alive for
all types of servers.
When a request is sent to Cisco ISE and the server is not reachable or the response is lost, the server is moved to the dead
state. The server selection logic then picks the next server and IP address for the next set of Cisco ISE requests. It
picks the next server in the list even if the current server has multiple IP addresses; that is, the logic switches
servers, not IP addresses within the same server.
A server can be marked as dead because of any of the following reasons:
The configured IP address is not reachable.
Incorrect port number.
The Cisco ISE instance with the IP address is down.
The interface towards Cisco ISE is down.
A TLS handshake failure.
An HTTP response timeout.
An incorrectly configured domain name (if a domain name is used).
If a server has both the static IP address and the domain name configured, preference is given to the static IP address.
If there is no response to the static IP address, the device tries with the domain name. When no response is received with
both the static IP address and the domain name, the server is marked as dead.
When all servers of the private list are marked as dead, the device uses the public list. If all remaining servers are also
marked as dead, then the recovery mechanism starts. The device waits for the next Cisco TrustSec request (for policy refresh,
environment-data download or refresh, and so on), and marks all the servers as alive to retry the download. If there is no
trigger for a new Cisco TrustSec request, the servers remain in the dead state.
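The selection and recovery rules above can be traced with a small model. This is an added example, not Cisco code: the class and function names, the `send` callback, and the sample addresses are constructed, and it assumes exactly one server is tried per request.

```python
from dataclasses import dataclass

@dataclass
class Server:
    name: str
    static_ip: str = ""
    domain: str = ""
    alive: bool = True   # default status is alive; nothing is probed at configuration time

class ServerSelector:
    def __init__(self, private, public):
        self.ordered = list(private) + list(public)   # private list is used before the public list

    def request(self, send):
        """Model one Cisco ISE request. `send(target)` returns True on a good response.
        Returns (server name, target that answered or None)."""
        if not any(s.alive for s in self.ordered):
            # Recovery: a new TrustSec request marks every server alive again.
            for s in self.ordered:
                s.alive = True
        server = next(s for s in self.ordered if s.alive)
        # Static IP is preferred; the domain name is tried only if the IP fails.
        for target in (server.static_ip, server.domain):
            if target and send(target):
                return server.name, target
        server.alive = False   # no response on either: dead, next request moves on
        return server.name, None

def demo():
    # Constructed sample data (documentation address range, made-up names).
    sel = ServerSelector(
        private=[Server("ise-1", "192.0.2.1", "ise1.example.test"), Server("ise-2", "192.0.2.2")],
        public=[Server("ise-3", "192.0.2.3")],
    )
    reachable = {"ise1.example.test"}          # ise-1 answers only by domain name
    trace = [sel.request(reachable.__contains__)]
    reachable.clear()                          # outage: every request now fails
    trace += [sel.request(reachable.__contains__) for _ in range(3)]
    reachable.add("192.0.2.3")                 # only the public-list server comes back
    trace += [sel.request(reachable.__contains__) for _ in range(3)]
    return trace

if __name__ == "__main__":
    for name, target in demo():
        print(f"{name:6} -> {target or 'no response, marked dead'}")
```

In the trace, the recovered public-list server is reached only on the third request after the outage, because recovery marks every server alive and the list is walked again from the top.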