Beginner

ISE 2.2 -> 2.4 URT fails at Data upgrade step 1/43, UPSUpgradeHandler

Hello,

URT test fails on ISE 2.2 Patch 14.
Can anybody read the log and tell me what is wrong in the first rule of the Policy Set?

 

Running data upgrade on cloned database
- Data upgrade step 1/43, UPSUpgradeHandler(2.3.0.100)... Failed.
- Failed

 

Condition: [screenshot: Snímka obrazovky 2019-07-19 o 14.06.08.png]

 

@@@ PsUpgrade:	debug- : Found allow value for Network Access:Protocol0:RADIUS
@@@ PsUpgrade:	warn- :Couldn't buildConditionDataForNameValue for: lhsAttrId:DEVICE.Device Type rhsString:null:Device Type#All Device Types#ASA FW, Will try to build it from rhs value
com.cisco.cpm.policy.pal.PalException: Value for attribute is not a permitted option
	at com.cisco.cpm.policy.pal.policyCondition.ConditionsData.validateAllowedValues(ConditionsData.java:545)
	at com.cisco.cpm.policy.pal.policyCondition.ConditionsData.initSimple(ConditionsData.java:438)
	at com.cisco.cpm.policy.pal.policyCondition.ConditionsData.<init>(ConditionsData.java:299)
	at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgradeUtil.buildConditionDataForNameValue(PolicyUpgradeUtil.java:947)
	at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradeNetAccessRuleBuilder.buildConditionDataClauseSimple(UpgradeNetAccessRuleBuilder.java:152)
	at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradeNetAccessRuleBuilder.buildConditionDataClauses(UpgradeNetAccessRuleBuilder.java:99)
	at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradeNetAccessRuleBuilder.buildRuleConditionData(UpgradeNetAccessRuleBuilder.java:70)
	at com.cisco.cpm.policy.configuration.upgrade.builder.AbstractUpgradePolicyDataBuilder.buildNetAccessRuleConditionData(AbstractUpgradePolicyDataBuilder.java:78)
	at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradePolicyDataBuilderRadius.buildNetAccessRuleConditionData(UpgradePolicyDataBuilderRadius.java:200)
	at com.cisco.cpm.policy.configuration.upgrade.builder.AbstractUpgradePolicyDataBuilder.buildPSLevelConditionsData(AbstractUpgradePolicyDataBuilder.java:64)
	at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradePolicyDataBuilderRadius.buildUpgradeData(UpgradePolicyDataBuilderRadius.java:76)
	at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySetRadius(PolicyUpgrade.java:394)
	at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySet(PolicyUpgrade.java:337)
	at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySets(PolicyUpgrade.java:213)
	at com.cisco.cpm.ups.upgrade.impl.PolicyUpgradeHandler.importData(PolicyUpgradeHandler.java:67)
	at com.cisco.cpm.ups.upgrade.UpgradeHandler.exportAndImport(UpgradeHandler.java:38)
	at com.cisco.cpm.ups.upgrade.UpgradeHandler.execUpgrade(UpgradeHandler.java:29)
	at com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler.upgrade(UPSUpgradeHandler.java:154)
	at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.UpgradeServices(UpgradeServiceRegistrar.java:132)
	at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.main(UpgradeServiceRegistrar.java:185)
@@@ PsUpgrade:	debug- :Trying to rebuildConditionDataForNameValue  for: lhsAttrId:DEVICE.Device Type rhsString:Device Type#All Device Types#ASA FW
@@@ PsUpgrade:	info- :Successfully rebuildConditionDataForNameValue for: lhsAttrId:DEVICE.Device Type rhsString:All Device Types#ASA FW
@@@ PsUpgrade:	debug- :Reading Authentication rules for Policy Set ASA FW Rule
@@@ PsUpgrade:	debug- :Reading Default Authentication rule for Policy Set ASA FW Rule
@@@ PsUpgrade:	debug- :Build authentication result data for default rule  of Policy Set  ASA FW Rule
isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET
-->validatePolicyMode, isArrivingFromPolicySetAPI= true
isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET
-->validatePolicyMode, PolicySetRestService.isPolicySetModeActivated() = true
isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET
@@@ PsUpgrade:	debug- :Built authentication result for rule Default with following attributes: Identity Source=Internal Users, If Auth fail=REJECT, If Process fail=DROP, If User not found=REJECT
@@@ PsUpgrade:	debug- :Found 1 non default Authentication rules for Policy Set ASA FW Rule
@@@ PsUpgrade:	debug- :Reading Authentication rule ASA VPN AuthC  of Policy Set  ASA FW Rule
@@@ PsUpgrade:	debug- :About to get condition RHS display value for Network Access with attribute Protocol
@@@ PsUpgrade:	debug- :Network Access:Protocol has allow values enumeration
@@@ PsUpgrade:	debug- : Found allow value for Network Access:Protocol0:RADIUS
@@@ PsUpgrade:	warn- :Couldn't buildConditionDataForNameValue for: lhsAttrId:DEVICE.Device Type rhsString:null:Device Type#All Device Types#ASA FW, Will try to build it from rhs value
com.cisco.cpm.policy.pal.PalException: Value for attribute is not a permitted option
	at com.cisco.cpm.policy.pal.policyCondition.ConditionsData.validateAllowedValues(ConditionsData.java:545)
	at com.cisco.cpm.policy.pal.policyCondition.ConditionsData.initSimple(ConditionsData.java:438)
	at com.cisco.cpm.policy.pal.policyCondition.ConditionsData.<init>(ConditionsData.java:299)
	at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgradeUtil.buildConditionDataForNameValue(PolicyUpgradeUtil.java:947)
	at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradeNetAccessRuleBuilder.buildConditionDataClauseSimple(UpgradeNetAccessRuleBuilder.java:152)
	at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradeNetAccessRuleBuilder.buildConditionDataClauses(UpgradeNetAccessRuleBuilder.java:99)
	at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradeNetAccessRuleBuilder.buildRuleConditionData(UpgradeNetAccessRuleBuilder.java:70)
	at com.cisco.cpm.policy.configuration.upgrade.builder.AbstractUpgradePolicyDataBuilder.buildNetAccessRuleConditionData(AbstractUpgradePolicyDataBuilder.java:78)
	at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradePolicyDataBuilderRadius.buildNetAccessRuleConditionData(UpgradePolicyDataBuilderRadius.java:200)
	at com.cisco.cpm.policy.configuration.upgrade.builder.AbstractUpgradePolicyDataBuilder.buildAuthenticationRules(AbstractUpgradePolicyDataBuilder.java:128)
	at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradePolicyDataBuilderRadius.buildUpgradeData(UpgradePolicyDataBuilderRadius.java:96)
	at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySetRadius(PolicyUpgrade.java:394)
	at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySet(PolicyUpgrade.java:337)
	at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySets(PolicyUpgrade.java:213)
	at com.cisco.cpm.ups.upgrade.impl.PolicyUpgradeHandler.importData(PolicyUpgradeHandler.java:67)
	at com.cisco.cpm.ups.upgrade.UpgradeHandler.exportAndImport(UpgradeHandler.java:38)
	at com.cisco.cpm.ups.upgrade.UpgradeHandler.execUpgrade(UpgradeHandler.java:29)
	at com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler.upgrade(UPSUpgradeHandler.java:154)
	at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.UpgradeServices(UpgradeServiceRegistrar.java:132)
	at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.main(UpgradeServiceRegistrar.java:185)
@@@ PsUpgrade:	debug- :Trying to rebuildConditionDataForNameValue  for: lhsAttrId:DEVICE.Device Type rhsString:Device Type#All Device Types#ASA FW
@@@ PsUpgrade:	info- :Successfully rebuildConditionDataForNameValue for: lhsAttrId:DEVICE.Device Type rhsString:All Device Types#ASA FW
@@@ PsUpgrade:	debug- :Build authentication result data for rule ASA VPN AuthC in Policy Set ASA FW Rule
isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET
-->validatePolicyMode, isArrivingFromPolicySetAPI= true
isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET
-->validatePolicyMode, PolicySetRestService.isPolicySetModeActivated() = true
isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET
@@@ PsUpgrade:	debug- :Build authentication rule result data for outer rule ASA VPN AuthC
@@@ PsUpgrade:	debug- :Reading authentication inner rules for PS: ASA FW Rule
@@@ PsUpgrade:	debug- :Build authentication rule result data for outer default rule
isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET
-->validatePolicyMode, isArrivingFromPolicySetAPI= true
isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET
-->validatePolicyMode, PolicySetRestService.isPolicySetModeActivated() = true
isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET
Retrived the data from Handlercom.cisco.cpm.ups.upgrade.impl.PolicyUpgradeHandler]
com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: java.lang.NullPointerException
	at com.cisco.cpm.ups.upgrade.UpgradeHandler.exportAndImport(UpgradeHandler.java:41)
	at com.cisco.cpm.ups.upgrade.UpgradeHandler.execUpgrade(UpgradeHandler.java:29)
	at com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler.upgrade(UPSUpgradeHandler.java:154)
	at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.UpgradeServices(UpgradeServiceRegistrar.java:132)
	at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.main(UpgradeServiceRegistrar.java:185)
Caused by: java.lang.NullPointerException
	at com.cisco.cpm.policy.configuration.upgrade.builder.AbstractUpgradePolicyDataBuilder.buildAuthenticationRuleResultDataForOuterDefaultRule(AbstractUpgradePolicyDataBuilder.java:284)
	at com.cisco.cpm.policy.configuration.upgrade.builder.AbstractUpgradePolicyDataBuilder.buildAuthenticationInnerRules(AbstractUpgradePolicyDataBuilder.java:182)
	at com.cisco.cpm.policy.configuration.upgrade.builder.UpgradePolicyDataBuilderRadius.buildUpgradeData(UpgradePolicyDataBuilderRadius.java:99)
	at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySetRadius(PolicyUpgrade.java:394)
	at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySet(PolicyUpgrade.java:337)
	at com.cisco.cpm.policy.configuration.upgrade.PolicyUpgrade.upgradeLegacySets(PolicyUpgrade.java:213)
	at com.cisco.cpm.ups.upgrade.impl.PolicyUpgradeHandler.importData(PolicyUpgradeHandler.java:67)
	at com.cisco.cpm.ups.upgrade.UpgradeHandler.exportAndImport(UpgradeHandler.java:38)
	... 4 more
 Error while applying changes in version: 2.3.0.100 class: com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler
com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: Failed to upgrade to version 2.3.0.100: java.lang.NullPointerException
	at com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler.upgrade(UPSUpgradeHandler.java:162)
	at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.UpgradeServices(UpgradeServiceRegistrar.java:132)
	at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.main(UpgradeServiceRegistrar.java:185)
ERROR! isedataupgrade.sh FAILED. ISE GLOBAL DATA UPGRADE FAILED

 

Accepted Solutions
Cisco Employee

Re: ISE 2.2 -> 2.4 URT fails at Data upgrade step 1/43, UPSUpgradeHandler

Please work through the TAC, as they should help you and make sure everything is good before you proceed. They can also use their knowledge and open bugs if necessary. Make sure you are running the latest patch as well before running the tool.

3 REPLIES
Cisco Employee

Re: ISE 2.2 -> 2.4 URT fails at Data upgrade step 1/43, UPSUpgradeHandler

Looks like there is a white space before “Device Type#All Device Types#ASA FW”. Please rebuild that condition and it should go through. If you have similar rules, I recommend you do the same for them as well.
Beginner

Re: ISE 2.2 -> 2.4 URT fails at Data upgrade step 1/43, UPSUpgradeHandler

Unfortunately, I created a really new Rule (ASA FW Rule NEW) from scratch with the same values as the old one. But the result is the same.
All Device Types is a system Network Device Group and it can't be changed.

 

@@@ PsUpgrade:	debug- :Trying to rebuildConditionDataForNameValue  for: lhsAttrId:DEVICE.Device Type rhsString:Device Type#All Device Types#ASA FW
@@@ PsUpgrade:	info- :Successfully rebuildConditionDataForNameValue for: lhsAttrId:DEVICE.Device Type rhsString:All Device Types#ASA FW
@@@ PsUpgrade:	debug- :Reading Authentication rules for Policy Set ASA FW Rule NEW
@@@ PsUpgrade:	debug- :Reading Default Authentication rule for Policy Set ASA FW Rule NEW
@@@ PsUpgrade:	debug- :Build authentication result data for default rule  of Policy Set  ASA FW Rule NEW
isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET
-->validatePolicyMode, isArrivingFromPolicySetAPI= true
isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET
-->validatePolicyMode, PolicySetRestService.isPolicySetModeActivated() = true
isPolicySetModeActivated --> pss.getPolicySetMode() = POLICY_SET
@@@ PsUpgrade:	debug- :Built authentication result for rule Default with following attributes: Identity Source=All_User_ID_Stores, If Auth fail=REJECT, If Process fail=DROP, If User not found=REJECT
@@@ PsUpgrade:	debug- :Found 1 non default Authentication rules for Policy Set ASA FW Rule NEW
@@@ PsUpgrade:	debug- :Reading Authentication rule ASA VPN AuthC  of Policy Set  ASA FW Rule NEW
@@@ PsUpgrade:	warn- :Couldn't buildConditionDataForNameValue for: lhsAttrId:DEVICE.Device Type rhsString:null:Device Type#All Device Types#ASA FW, Will try to build it from rhs value
com.cisco.cpm.policy.pal.PalException: Value for attribute is not a permitted option
	at com.cisco.cpm.policy.pal.policyCondition.ConditionsData.validateAllowedValues(ConditionsData.java:545)
	at 
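
Added example, not part of the original thread and not Cisco tooling: a small triage script for URT output in the format quoted above. It lists each `buildConditionDataForNameValue` warning with a check for leading or trailing whitespace in the value, and reports the `Caused by:` frame together with the policy set that was being converted when it was thrown. The function name `triage`, the sample lines, and the names "Lab Rule" / "Lab Switch" are constructed for illustration.

```python
import re

# Constructed sample in the format of the URT log quoted in this thread.
# "Lab Rule" / "Lab Switch" and the padded value are invented for the check.
WARN_FMT = ("@@@ PsUpgrade:\twarn- :Couldn't buildConditionDataForNameValue for: "
            "lhsAttrId:DEVICE.Device Type rhsString:null:%s, Will try to build it from rhs value")
SAMPLE = "\n".join([
    "@@@ PsUpgrade:\tdebug- :Reading Authentication rules for Policy Set Lab Rule",
    WARN_FMT % " Device Type#All Device Types#Lab Switch",
    "@@@ PsUpgrade:\tdebug- :Reading Authentication rule ASA VPN AuthC  of Policy Set  ASA FW Rule",
    WARN_FMT % "Device Type#All Device Types#ASA FW",
    "@@@ PsUpgrade:\tdebug- :Build authentication rule result data for outer default rule",
    "com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: java.lang.NullPointerException",
    "\tat com.cisco.cpm.ups.upgrade.UpgradeHandler.exportAndImport(UpgradeHandler.java:41)",
    "Caused by: java.lang.NullPointerException",
    "\tat com.cisco.cpm.policy.configuration.upgrade.builder.AbstractUpgradePolicyDataBuilder"
    ".buildAuthenticationRuleResultDataForOuterDefaultRule(AbstractUpgradePolicyDataBuilder.java:284)",
])

PS_LINE = re.compile(r"^@@@ PsUpgrade:\s*(\w+)- :\s*(.*)$")
POLICY_SET = re.compile(r"(?:Policy Set|PS:)\s+(.+?)\s*$")
WARN = re.compile(r"lhsAttrId:(.+?) rhsString:(.*?), Will try")

def triage(log_text):
    """Return condition warnings and the root-cause frame, each tagged with its policy set."""
    lines = log_text.splitlines()
    current, warnings, fatal = None, [], None
    for i, line in enumerate(lines):
        m = PS_LINE.match(line)
        if m:
            level, msg = m.groups()
            ps = POLICY_SET.search(msg)
            if ps:
                current = ps.group(1)          # policy set being converted right now
            w = WARN.search(msg) if level == "warn" else None
            if w:
                rhs = re.sub(r"^null:", "", w.group(2))   # prefix seen on the warn lines
                padded = any(seg != seg.strip() for seg in rhs.split("#"))
                warnings.append({"policy_set": current, "attr": w.group(1),
                                 "rhs": rhs, "padded": padded})
        elif line.startswith("Caused by: ") and fatal is None:
            frame = lines[i + 1].strip() if i + 1 < len(lines) else ""
            fatal = {"policy_set": current, "cause": line[11:].strip(),
                     "frame": re.sub(r"^at ", "", frame)}
    return {"warnings": warnings, "fatal": fatal}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run it against the raw log file rather than text copied from a browser, since copy and paste can collapse the whitespace the `padded` check looks for.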