This patching issue is due to the bug - CSCwe08264.Please refer to the details below.
Description:
Symptom: Patch installation on 2.7 from P1/P2 to P8 will not be complete. No issues are observed when Patch 8 is installed on top of 2.7 FCS(no patches), patches 3,4,5,6,7.
Conditions: Patch installation does not complete.
Workaround:
Move to an intermediate patch such as P6 first from P2 and then install P8 to avoid running into this problem. If you have already run into this issue, follow the below steps:
1) Reboot the node from the CLI,
2) Rollback 2.7Patches 1 and/or 2.7Patch 2 depending on which patches were already installed on that node. 3) Install 2.7Patch 8 again (This step is critical to get the node back to operational state)
Further Problem Description:
This bug only impacts the ability to install 2.7 patches 8 when the deployment is currently on 2.7 patches 1 or patch 2. If you have successfully installed patch 8 there is no further action required
Suggestion:
1. 2.7 patch 9 resolves the patching issue so patching directly from any 2.7 patch 1 /Patch 2 to 2.7 patch 9 requires no interim patching step. So we suggest you move directly to 2.7 patches 9.
2. If you have interested to move 2.7 patches 8 then we suggest you move to an interim version like 2.7 patches 6 and then again move to 27 patches 2.8.
-------------------------------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.
You can also learn more about ISE through our live Ask the Experts (ATXs) session. Check out Cisco ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-endpoint-security-ask-the-experts-resources/ta-p/4394492] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
----------------------------------------
Thanks ,
G.Srinivasan