cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
This month's topic is ISE Wired Access to show you how to configure 802.1X on a switch!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

838
Views
27
Helpful
7
Replies
Highlighted
Beginner

ISE 2.3 to 2.4 issues.

I have just upgraded a 4 node cluster from 2.3 to 2.4 and have run into a few issues.

After upgrade which took over 30 hours I can no longer sync nodes as they all report upgrade in process.

If i remove a node from the cluster and try and re-add it I get an error popup with no information.

I am not getting VMware license errors which is to be expected.

Capture.PNG7d8d8e66-fd0c-4fcd-abba-254b41fa1794.pngb0a8e129-8074-4b56-b346-2aa5358a47a5.png911b9b27-a460-4831-ad1d-4a9a45563c78.png

Everyone's tags (4)
7 REPLIES 7
Beginner

Re: ISE 2.3 to 2.4 issues.

I have already lodged a TAC before you advise.

Beginner

Re: ISE 2.3 to 2.4 issues.

I just has the security team check and we have our ISE nodes DMZ and found since the upgrade the following ports getting blocked. I have asked them to allow these ports in tonights firewall burn so should know tomorrow.

  • TCP 80
  • TCP 443
  • TCP 1521
  • TCP 12001
  • TCP 7800
  • TCP 6514 << blocked
  • TCP 8910 << blocked
  • TCP 2560 << blocked
  • TCP 5222 << blocked
  • TCP 9300 << blocked
  • UDP 20514
  • TCP 1468
  • TCP 8910
Cisco Employee

Re: ISE 2.3 to 2.4 issues.

Hi Simon,

Did you use the Upgrade Readiness Tool (URT) before attempting the upgrade?

Regards,

-Tim

Beginner

Re: ISE 2.3 to 2.4 issues.

I only found out about that tool post install.

Cisco Employee

Re: ISE 2.3 to 2.4 issues.

To me, it does not seem an issue with either those blocked ports or URT. For those blocked ports, they are not essential for the sync operation during an ISE node registration. And, your upgrade went through fine so not an issue URT can help with.

As you already have a TAC case, TAC will help looking at the debug logs and further troubleshooting.

Contributor

Re: ISE 2.3 to 2.4 issues.

Do you think the upgrade readiness tool would have caught the above issue? I.E.,the installation completed, but there were errors.

Beginner

Re: ISE 2.3 to 2.4 issues.

Hi All,

TAC has been opened for about a month now and seems to have been fixed yesterday. I rebuilt several of the nodes to a fresh 2.4 install and re-added them to a prompted ISE nodes other than the original primary node.

Had several DEV on 3 tac calls looking at the DB and OS layer and they seem to think it was an issue with the OS trying to address a swap file which was to small or something. I have not gotten the final outcome of the tac case but they did say there would be a BugID coming for it.

TLDR; some of the nodes did not upgrade correctly and a rebuild seems to have fixed it.