OPERATIONAL DEFECT DATABASE
...
...
ISE could display one or both of the following symptoms: 1) All CPU cores could be stuck at 100% utilization. 2) Crashes can be seen in disk:/corefiles
ISE 2.7 patch 6 and later, ISE 3.0 and later. ISE is processing PEAP authentications.
If the CPU hangs, the ISE services can be restarted. There is currently no workaround to prevent the issue from occurring.
This issue can be verified by looking for errors in the prrt-server.log file leading up to the CPU hang or crash: Crypto,2021-11-22 03:05:50,066,WARN ,0x7f9186479700,NIL-CONTEXT,Crypto::Result=101, Crypto.SSLConnection.processData - handshake failed openSSL error=1, message="26916:error:2406B004:random number generator:DRBG_GENERATE:RSA lib:drbg_lib.c:390: Eap,2021-11-22 03:05:50,066,WARN ,0x7f9186479700,cntx=0000233116,sesn=derusvapispdpi1/426915015/14926,CPMSessionID=1f38f2060000004d619acb81,CallingStationID=D6-11-AA-1C-CC-DA,EAP-TLS: SSL handshake failed, connection state = 3, peek SSL error 0, SSL message "26916:error:2406B004:random number generator:DRBG_GENERATE:RSA lib:drbg_lib.c:390: "tech top" can be run from the ISE cli and the "i" key pressed to see which threads are consuming the CPU cores. If Thread-46 is consuming all the cores it is another indication that this bug could be the issue.
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
