Symptom
ISE could display one or both of the following symptoms:
1) All CPU cores could be stuck at 100% utilization.
2) Crashes can be seen in disk:/corefiles
Conditions
ISE 2.7 patch 6 and later, ISE 3.0 and later.
ISE is processing PEAP authentications.
Workaround
If the CPU hangs, the ISE services can be restarted. There is currently no workaround to prevent the issue from occurring.
Further Problem Description
This issue can be verified by looking for errors in the prrt-server.log file leading up to the CPU hang or crash:
Crypto,2021-11-22 03:05:50,066,WARN ,0x7f9186479700,NIL-CONTEXT,Crypto::Result=101, Crypto.SSLConnection.processData - handshake failed openSSL error=1, message="26916:error:2406B004:random number generator:DRBG_GENERATE:RSA lib:drbg_lib.c:390:
Eap,2021-11-22 03:05:50,066,WARN ,0x7f9186479700,cntx=0000233116,sesn=derusvapispdpi1/426915015/14926,CPMSessionID=1f38f2060000004d619acb81,CallingStationID=D6-11-AA-1C-CC-DA,EAP-TLS: SSL handshake failed, connection state = 3, peek SSL error 0, SSL message "26916:error:2406B004:random number generator:DRBG_GENERATE:RSA lib:drbg_lib.c:390:
"tech top" can be run from the ISE cli and the "i" key pressed to see which threads are consuming the CPU cores. If Thread-46 is consuming all the cores it is another indication that this bug could be the issue.
