I have just upgraded a 4 node cluster from 2.3 to 2.4 and have run into a few issues.
After the upgrade, which took over 30 hours, I can no longer sync nodes as they all report upgrade in process.
If I remove a node from the cluster and try to re-add it, I get an error popup with no information.
I am not getting VMware license errors which is to be expected.
I just had the security team check, and we have our ISE nodes in the DMZ and found that since the upgrade the following ports are getting blocked. I have asked them to allow these ports in tonight's firewall burn, so I should know tomorrow.
To me, it does not seem to be an issue with either those blocked ports or URT. Those blocked ports are not essential for the sync operation during an ISE node registration. And your upgrade went through fine, so it is not an issue URT can help with.
As you already have a TAC case, TAC will help with looking at the debug logs and further troubleshooting.
TAC has been open for about a month now and seems to have been fixed yesterday. I rebuilt several of the nodes to a fresh 2.4 install and re-added them to a promoted ISE node other than the original primary node.
Had several devs on 3 TAC calls looking at the DB and OS layer, and they seem to think it was an issue with the OS trying to address a swap file which was too small or something. I have not gotten the final outcome of the TAC case, but they did say there would be a BugID coming for it.
TL;DR: some of the nodes did not upgrade correctly and a rebuild seems to have fixed it.