Solved: Re: has the bug ( ISE 2.4 URT fails with cert error CSCvo51415) been resolved ? If not is there a kn...

MorrellByrd88918 · ‎11-26-2019

I am attempting to run the ISE URT tool to upgrade ISE nodes in a distributed deployment.

when running the ISE URT tool the below error message occurs even after certificates are not expired and/or have been removed and no dependencies are there. Worked with Cisco TAC and still haven't found a solution.

########################################
# Running Upgrade Readiness Tool (URT) #
########################################
This tool will perform following tasks:
1. Pre-requisite checks
2. Clone config database
3. Copy upgrade files
4. Data upgrade on cloned database
5. Time estimate for upgrade

Pre-requisite checks
====================
Disk Space sanity check
- Successful
NTP sanity
- Successful
Appliance/VM compatibility
- Successful
Trust Cert Validation
% Error: Unknown error while validating trust certificates. Upgrade cannot continue, please check logs.
- Failed
System Cert Validation
% Error: Unknown error while validating system certificates. Upgrade cannot continue, please check logs.
/opt/CSCOcpm/upgrade/bin/isedbupgrade-functions.sh: line 101: [: -le: unary operator expected
- Failed

Arne Bier · ‎12-02-2019

Hi @MorrellByrd88918

Have you gone through every single node in the deployment and checked for expired System certificates? In large deployments this can easily be overlooked.

Have you also checked the internal ISE CA to see whether everything looks good (no expired certs etc.) ?

I have not seen this type of issue before. But you should be working with the TAC since they are the only ones who can look under the hood

regards

Arne

View solution in original post

Arne Bier · ‎12-02-2019