cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

297
Views
10
Helpful
3
Replies
Highlighted
Contributor

ISE 2.4 issue with deleting a certificate CSCvj11476 - Running URT and Upgrade

I am having a similar issue to the above bug.  I am running ISE 2.3 patch 1.  When I try to run the URT, i get a certificate error and it stops running.  Will this effect the patch and upgrade process?

Everyone's tags (7)
1 ACCEPTED SOLUTION

Accepted Solutions
Contributor

Re: ISE 2.4 issue with deleting a certificate CSCvj11476 - Running URT and Upgrade

I was running ISE 2.4 patch 1. I could not delete a certificate out. It was causing the URT to fail.  I went ahead and applied patch 5.  The reason I did not contact TAC was the bug is listed as a low priority. If the bug is a low priority, it must not be causing too many real issues with operation or upgrading (that is my logic).  The patch installed successfully.  After the patch was complete, the suspect certificate is gone as well.

3 REPLIES 3
VIP Engager

Re: ISE 2.4 issue with deleting a certificate CSCvj11476 - Running URT and Upgrade

There was also another bug related to ghost certificates, where if you ever changed the hostname of a node, certs would not get removed from the store. So if you ever changed the hostname, it would give TAC a direction. I'm not 100% certain on this, but I've been under the assumption that if the URT fails on any of it's list of steps, then the upgrade bundle will hit the same snag. One way to check would be to build a temp 2.4 vm, restore your backup, and see how it goes.

I would check both the system certificates and trust certificates for any expired certs. If you can't see the issue then the next step is get TAC involved to correct the issue. The reason the URT exists is to open preemptive cases to fix any issues like this, chances are they have dealt with it before.
Contributor

Re: ISE 2.4 issue with deleting a certificate CSCvj11476 - Running URT and Upgrade

I was running ISE 2.4 patch 1. I could not delete a certificate out. It was causing the URT to fail.  I went ahead and applied patch 5.  The reason I did not contact TAC was the bug is listed as a low priority. If the bug is a low priority, it must not be causing too many real issues with operation or upgrading (that is my logic).  The patch installed successfully.  After the patch was complete, the suspect certificate is gone as well.

Contributor

Re: ISE 2.4 issue with deleting a certificate CSCvj11476 - Running URT and Upgrade

Adding patch 5 worked.  It gave me information on where to remove the certificate, from Syslog targets, I changed cert and could proceed with the 2.6 upgrade.