07-19-2019 05:03 AM - edited 07-19-2019 05:09 AM
Hello,
URT test fails on ISE 2.2 Patch 14.
Can anybody read the log and tell me, what is wrong in the First Rule of Policy Set?
Running data upgrade on cloned database
- Data upgrade step 1/43, UPSUpgradeHandler(2.3.0.100)... Failed.
- Failed
Condition:
@@@ PsUpgrade: debug- : Found allow value for Network Access:Protocol0:RADIUS @@@ PsUpgrade: warn- :Couldn't buildConditionDataForNameValue for: lhsAttrId:DEVICE.Device Type rhsString:null:Device Type#All Device Types#ASA FW, Will try to build it from rhs value com.cisco.cpm.policy.pal.PalException: Value for attribute is not a permitted option at com.cisco.cpm.policy.pal.policyCondition.ConditionsData.validateAllowedValues(ConditionsData.java:545) at com.cisco.cpm.policy.pal.policyCondition.ConditionsData.initSimple(ConditionsData.java:438) at com.cisco.cpm.policy.pal.policyCondition.ConditionsData.<init>(ConditionsData.java:299) at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgradeUtil.buildConditionDataForNameValue(PolicyUpgradeUtil.java:947) at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradeNetAccessRuleBuilder.buildConditionDataClauseSimple(UpgradeNetAccessRuleBuilder.java:152) at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradeNetAccessRuleBuilder.buildConditionDataClauses(UpgradeNetAccessRuleBuilder.java:99) at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradeNetAccessRuleBuilder.buildRuleConditionData(UpgradeNetAccessRuleBuilder.java:70) at com.cisco.cpm.policy.configuration.upgrade.builder.AbstractUpgradePolicyDataBuilder.buildNetAccessRuleConditionData(AbstractUpgradePolicyDataBuilder.java:78) at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradePolicyDataBuilderRadius.buildNetAccessRuleConditionData(UpgradePolicyDataBuilderRadius.java:200) at com.cisco.cpm.policy.configuration.upgrade.builder.AbstractUpgradePolicyDataBuilder.buildPSLevelConditionsData(AbstractUpgradePolicyDataBuilder.java:64) at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradePolicyDataBuilderRadius.buildUpgradeData(UpgradePolicyDataBuilderRadius.java:76) at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySetRadius(PolicyUpgrade.java:394) at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySet(PolicyUpgrade.java:337) at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySets(PolicyUpgrade.java:213) at com.cisco.cpm.ups.upgrade.impl.PolicyUpgradeHandler.importData(PolicyUpgradeHandler.java:67) at com.cisco.cpm.ups.upgrade.UpgradeHandler.exportAndImport(UpgradeHandler.java:38) at com.cisco.cpm.ups.upgrade.UpgradeHandler.execUpgrade(UpgradeHandler.java:29) at com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler.upgrade(UPSUpgradeHandler.java:154) at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.UpgradeServices(UpgradeServiceRegistrar.java:132) at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.main(UpgradeServiceRegistrar.java:185) @@@ PsUpgrade: debug- :Trying to rebuildConditionDataForNameValue for: lhsAttrId:DEVICE.Device Type rhsString:Device Type#All Device Types#ASA FW @@@ PsUpgrade: info- :Successfully rebuildConditionDataForNameValue for: lhsAttrId:DEVICE.Device Type rhsString:All Device Types#ASA FW @@@ PsUpgrade: debug- :Reading Authentication rules for Policy Set ASA FW Rule @@@ PsUpgrade: debug- :Reading Default Authentication rule for Policy Set ASA FW Rule @@@ PsUpgrade: debug- :Build authentication result data for default rule of Policy Set ASA FW Rule isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET -->validatePolicyMode, isArrivingFromPolicySetAPI= true isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET -->validatePolicyMode, PolicySetRestService.isPolicySetModeActivated() = true isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET @@@ PsUpgrade: debug- :Built authentication result for rule Default with following attributes: Identity Source=Internal Users, If Auth fail=REJECT, If Process fail=DROP, If User not found=REJECT @@@ PsUpgrade: debug- :Found 1 non default Authentication rules for Policy Set ASA FW Rule @@@ PsUpgrade: debug- :Reading Authentication rule ASA VPN AuthC of Policy Set ASA FW Rule @@@ PsUpgrade: debug- :About to get condition RHS display value for Network Access with attribute Protocol @@@ PsUpgrade: debug- :Network Access:Protocol has allow values enumeration @@@ PsUpgrade: debug- : Found allow value for Network Access:Protocol0:RADIUS @@@ PsUpgrade: warn- :Couldn't buildConditionDataForNameValue for: lhsAttrId:DEVICE.Device Type rhsString:null:Device Type#All Device Types#ASA FW, Will try to build it from rhs value com.cisco.cpm.policy.pal.PalException: Value for attribute is not a permitted option at com.cisco.cpm.policy.pal.policyCondition.ConditionsData.validateAllowedValues(ConditionsData.java:545) at com.cisco.cpm.policy.pal.policyCondition.ConditionsData.initSimple(ConditionsData.java:438) at com.cisco.cpm.policy.pal.policyCondition.ConditionsData.<init>(ConditionsData.java:299) at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgradeUtil.buildConditionDataForNameValue(PolicyUpgradeUtil.java:947) at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradeNetAccessRuleBuilder.buildConditionDataClauseSimple(UpgradeNetAccessRuleBuilder.java:152) at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradeNetAccessRuleBuilder.buildConditionDataClauses(UpgradeNetAccessRuleBuilder.java:99) at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradeNetAccessRuleBuilder.buildRuleConditionData(UpgradeNetAccessRuleBuilder.java:70) at com.cisco.cpm.policy.configuration.upgrade.builder.AbstractUpgradePolicyDataBuilder.buildNetAccessRuleConditionData(AbstractUpgradePolicyDataBuilder.java:78) at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradePolicyDataBuilderRadius.buildNetAccessRuleConditionData(UpgradePolicyDataBuilderRadius.java:200) at com.cisco.cpm.policy.configuration.upgrade.builder.AbstractUpgradePolicyDataBuilder.buildAuthenticationRules(AbstractUpgradePolicyDataBuilder.java:128) at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradePolicyDataBuilderRadius.buildUpgradeData(UpgradePolicyDataBuilderRadius.java:96) at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySetRadius(PolicyUpgrade.java:394) at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySet(PolicyUpgrade.java:337) at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySets(PolicyUpgrade.java:213) at com.cisco.cpm.ups.upgrade.impl.PolicyUpgradeHandler.importData(PolicyUpgradeHandler.java:67) at com.cisco.cpm.ups.upgrade.UpgradeHandler.exportAndImport(UpgradeHandler.java:38) at com.cisco.cpm.ups.upgrade.UpgradeHandler.execUpgrade(UpgradeHandler.java:29) at com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler.upgrade(UPSUpgradeHandler.java:154) at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.UpgradeServices(UpgradeServiceRegistrar.java:132) at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.main(UpgradeServiceRegistrar.java:185) @@@ PsUpgrade: debug- :Trying to rebuildConditionDataForNameValue for: lhsAttrId:DEVICE.Device Type rhsString:Device Type#All Device Types#ASA FW @@@ PsUpgrade: info- :Successfully rebuildConditionDataForNameValue for: lhsAttrId:DEVICE.Device Type rhsString:All Device Types#ASA FW @@@ PsUpgrade: debug- :Build authentication result data for rule ASA VPN AuthC in Policy Set ASA FW Rule isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET -->validatePolicyMode, isArrivingFromPolicySetAPI= true isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET -->validatePolicyMode, PolicySetRestService.isPolicySetModeActivated() = true isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET @@@ PsUpgrade: debug- :Build authentication rule result data for outer rule ASA VPN AuthC @@@ PsUpgrade: debug- :Reading authentication inner rules for PS: ASA FW Rule @@@ PsUpgrade: debug- :Build authentication rule result data for outer default rule isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET -->validatePolicyMode, isArrivingFromPolicySetAPI= true isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET -->validatePolicyMode, PolicySetRestService.isPolicySetModeActivated() = true isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET Retrived the data from Handlercom.cisco.cpm.ups.upgrade.impl.PolicyUpgradeHandler] com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: java.lang.NullPointerException at com.cisco.cpm.ups.upgrade.UpgradeHandler.exportAndImport(UpgradeHandler.java:41) at com.cisco.cpm.ups.upgrade.UpgradeHandler.execUpgrade(UpgradeHandler.java:29) at com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler.upgrade(UPSUpgradeHandler.java:154) at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.UpgradeServices(UpgradeServiceRegistrar.java:132) at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.main(UpgradeServiceRegistrar.java:185) Caused by: java.lang.NullPointerException at com.cisco.cpm.policy.configuration.upgrade.builder.AbstractUpgradePolicyDataBuilder.buildAuthenticationRuleResultDataForOuterDefaultRule(AbstractUpgradePolicyDataBuilder.java:284) at com.cisco.cpm.policy.configuration.upgrade.builder.AbstractUpgradePolicyDataBuilder.buildAuthenticationInnerRules(AbstractUpgradePolicyDataBuilder.java:182) at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradePolicyDataBuilderRadius.buildUpgradeData(UpgradePolicyDataBuilderRadius.java:99) at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySetRadius(PolicyUpgrade.java:394) at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySet(PolicyUpgrade.java:337) at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySets(PolicyUpgrade.java:213) at com.cisco.cpm.ups.upgrade.impl.PolicyUpgradeHandler.importData(PolicyUpgradeHandler.java:67) at com.cisco.cpm.ups.upgrade.UpgradeHandler.exportAndImport(UpgradeHandler.java:38) ... 4 more Error while applying changes in version: 2.3.0.100 class: com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: Failed to upgrade to version 2.3.0.100: java.lang.NullPointerException at com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler.upgrade(UPSUpgradeHandler.java:162) at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.UpgradeServices(UpgradeServiceRegistrar.java:132) at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.main(UpgradeServiceRegistrar.java:185) ERROR! isedataupgrade.sh FAILED. ISE GLOBAL DATA UPGRADE FAILED
Solved! Go to Solution.
07-19-2019 07:41 AM
07-19-2019 05:53 AM
07-19-2019 07:08 AM
Unfortunately, I created a really new Rule (ASA FW Rule NEW) from scratch with the same values as the old one. But the result is the same.
All Device Types is system Network Device Group and it can't be changed.
@@@ PsUpgrade: debug- :Trying to rebuildConditionDataForNameValue for: lhsAttrId:DEVICE.Device Type rhsString:Device Type#All Device Types#ASA FW @@@ PsUpgrade: info- :Successfully rebuildConditionDataForNameValue for: lhsAttrId:DEVICE.Device Type rhsString:All Device Types#ASA FW @@@ PsUpgrade: debug- :Reading Authentication rules for Policy Set ASA FW Rule NEW @@@ PsUpgrade: debug- :Reading Default Authentication rule for Policy Set ASA FW Rule NEW @@@ PsUpgrade: debug- :Build authentication result data for default rule of Policy Set ASA FW Rule NEW isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET -->validatePolicyMode, isArrivingFromPolicySetAPI= true isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET -->validatePolicyMode, PolicySetRestService.isPolicySetModeActivated() = true isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET @@@ PsUpgrade: debug- :Built authentication result for rule Default with following attributes: Identity Source=All_User_ID_Stores, If Auth fail=REJECT, If Process fail=DROP, If User not found=REJECT @@@ PsUpgrade: debug- :Found 1 non default Authentication rules for Policy Set ASA FW Rule NEW @@@ PsUpgrade: debug- :Reading Authentication rule ASA VPN AuthC of Policy Set ASA FW Rule NEW @@@ PsUpgrade: warn- :Couldn't buildConditionDataForNameValue for: lhsAttrId:DEVICE.Device Type rhsString:null:Device Type#All Device Types#ASA FW, Will try to build it from rhs value com.cisco.cpm.policy.pal.PalException: Value for attribute is not a permitted option at com.cisco.cpm.policy.pal.policyCondition.ConditionsData.validateAllowedValues(ConditionsData.java:545) at
07-19-2019 07:41 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide