topic Re: ISE UPGRADE ISSUE from 2.1.0.474 to 2.4.357 in Network Access Control

ISE UPGRADE ISSUE from 2.1.0.474 to 2.4.357

WEERAKOO69BA — Sat, 01 Sep 2018 09:25:53 GMT

Dear All,

I have created the repository in the local disk and uploaded the IOS to the repository. And tried to do the upgrade as follows.This is two node deployment.

Upgrading from 2.1.0.474 to 2.4.0.357

ISE02/admin# application upgrade prepare ise-upgradebundle-2.0.x-2.3.x-to-2.4.0.357.SPA.x86_64.tar.gz ISE-DISK

Getting bundle to local machine...
Unbundling Application Package...
% Unable to unbundle the package. It should be in tar.gz file format
ISE02/admin#

Is there any reason to get this message? I have already uploaded the IOS to the appliance. And also according to the release note ,can upgrade directly from 2.1.0.474 to 2.4.0.357.

It would be grateful if anyone can help me..

Thanks

Re: ISE UPGRADE ISSUE from 2.1.0.474 to 2.4.357

hslai — Sat, 01 Sep 2018 16:00:57 GMT

Please ensure to take a CFG backup successfully before proceeding to upgrade. ISE 2.4 has a upgrade readiness tool (URT) and use it to verify your existing data in ISE before the upgrade.

As to the error message you received, check your web browser and ensure it not opening the download file automatically; e.g. see Disable 'Open Safe Files After Downloading'. The upgrade bundle needs kept in the same tar.gz format, to be usable by ISE.

After download, please verify the file size and the file checksum against the info in Cisco download site.

Description :	Upgrade bundle for upgrading ISE version 2.0, 2.0.1, 2.1, 2.2, 2.3 to 2.4. This is a signed bundle for image integrity
Release :	2.4.0
Release Date :	12-Apr-2018
FileName :	ise-upgradebundle-2.0.x-2.3.x-to-2.4.0.357.SPA.x86_64.tar.gz
Size :	9000.04 MB ( 9437227296 bytes)
MD5 Checksum :	cc4a5da6f8cbfe6ac9e9ce101a75858b
SHA512 Checksum :	def0a83340745d5faf478728f2d683b9897598c4b04dd6613c6ff6ff3346b6942a742a5bbed1bceb4a69236808b2c3f0ef6b670bf35d2bb6452fb29b9c4667dd

Re: ISE UPGRADE ISSUE from 2.1.0.474 to 2.4.357

WEERAKOO69BA — Tue, 04 Sep 2018 09:04:38 GMT

Thanks for the reply.

I already copied the file to the local disk.That means repository is local.It should open correct?

File type is correct.

Only thing I found is both nodes are having same time but different than the system time.Since the file is already inside,does this matter for the failing ?

Or else should I do 2.1 to 2.2 first?

Any advice..

Thanks

Re: ISE UPGRADE ISSUE from 2.1.0.474 to 2.4.357

Charlie Moreton — Tue, 04 Sep 2018 12:49:22 GMT

How much disk space is on that node? Just having the upgrade file on the node doesn't matter if it can't be extracted.

Re: ISE UPGRADE ISSUE from 2.1.0.474 to 2.4.357

paul — Tue, 04 Sep 2018 15:25:27 GMT

You are better off doing a fresh 2.4 build and a restore vs. trying to do the upgrade method (either CLI or GUI). There are several posts on the community forums and a guide to doing the fresh build/restore method.

https://community.cisco.com/t5/security-documents/ise-upgrades-best-practices/ta-p/3656934

Re: ISE UPGRADE ISSUE from 2.1.0.474 to 2.4.357

WEERAKOO69BA — Fri, 07 Sep 2018 07:02:07 GMT

Dear All,

Thanks every one for sharing your solutions and helping me.

What I did was ,rather than going to 2.4 straightaway to 2.4 ,upgraded successfully the secondary node from 2.1 to 2.2. Now primary is in 2.1 and secondary one in 2.2.

When I try to access the secondary ,it gives the following error,but I can access the primary one as usual.

My question is ,

1)shall I go ahead and do the upgrade on primary one(A) from 2.1 to 2.2 as recommended.

2)Then primary will join to the previous secondary one(B),which was upgraded early, as secondary.

Then will I face the same issue again because I have to access B to promote the A as primary.

In this case I won't be access ISE from GUI and have to reset to factory default.

3) or else B will reset to factory defaulty and rejoin to A.But A need to be upgraded and standalone device.

Is there any other solution anyone can think of?

Pls share your expertise.

Thank you

Re: ISE UPGRADE ISSUE from 2.1.0.474 to 2.4.357

Damien Miller — Fri, 07 Sep 2018 07:11:03 GMT

I'm going to recommend you engage TAC to help you sort this out. There are many variables that are difficult to comprehend from forum posts.

I have taken client environments straight from 2.1 to 2.4 and it works fine. There is something else at play here which would benefit from an inside look.