cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

108
Views
0
Helpful
1
Replies

has the bug ( ISE 2.4 URT fails with cert error CSCvo51415) been resolved ? If not is there a known workaround or fix?

I am attempting to run the ISE URT tool to upgrade ISE nodes in a distributed deployment.

when running the ISE URT tool the below error message occurs even after certificates are not expired and/or have been removed and no dependencies are there. Worked with Cisco TAC and still haven't found a solution.


########################################
# Running Upgrade Readiness Tool (URT) #
########################################
This tool will perform following tasks:
1. Pre-requisite checks
2. Clone config database
3. Copy upgrade files
4. Data upgrade on cloned database
5. Time estimate for upgrade

Pre-requisite checks
====================
Disk Space sanity check
- Successful
NTP sanity
- Successful
Appliance/VM compatibility
- Successful
Trust Cert Validation
% Error: Unknown error while validating trust certificates. Upgrade cannot continue, please check logs.
- Failed
System Cert Validation
% Error: Unknown error while validating system certificates. Upgrade cannot continue, please check logs.
/opt/CSCOcpm/upgrade/bin/isedbupgrade-functions.sh: line 101: [: -le: unary operator expected
- Failed

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Advocate

Re: has the bug ( ISE 2.4 URT fails with cert error CSCvo51415) been resolved ? If not is there a known workaround or fix?

Hi @MorrellByrd88918 

 

Have you gone through every single node in the deployment and checked for expired System certificates? In large deployments this can easily be overlooked.

Have you also checked the internal ISE CA to see whether everything looks good (no expired certs etc.) ?

 

I have not seen this type of issue before. But you should be working with the TAC since they are the only ones who can look under the hood

 

regards

Arne

View solution in original post

1 REPLY 1
Highlighted
VIP Advocate

Re: has the bug ( ISE 2.4 URT fails with cert error CSCvo51415) been resolved ? If not is there a known workaround or fix?

Hi @MorrellByrd88918 

 

Have you gone through every single node in the deployment and checked for expired System certificates? In large deployments this can easily be overlooked.

Have you also checked the internal ISE CA to see whether everything looks good (no expired certs etc.) ?

 

I have not seen this type of issue before. But you should be working with the TAC since they are the only ones who can look under the hood

 

regards

Arne

View solution in original post