cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3174
Views
35
Helpful
8
Replies

Cisco ISE 2.2 - Most recent stable patch release

CB90021204
Level 1
Level 1

Hello, I upgraded my ISE deployment to ISE 2.2 patch 11. I see that ISE 2.2 patch 11 has since been deferred.

 

What does Cisco recommend as the stable ISE 2.2 Patch release? Should we wait for Patch 12 or roll back to 9 or 10? 

 

SEVT on Oct 7-13 recommended ISE 2.2 Patch 9. Just wondering if this is still the Cisco recommended patch release?

 

Thanks,

 

 

 

1 Accepted Solution

Accepted Solutions

My TAC case on this issue reported it is planned to be fixed in the Patch 12 release. 

View solution in original post

8 Replies 8

Cory Peterson
Level 5
Level 5

In the very near future ISE 2.4 Patch 4 will be the recommended version of ISE. 

 

I would expect this in the next couple weeks.

anthonylofreso
Level 4
Level 4

It's a fair question, and one that's becoming increasingly difficult to answer. I've shared some feedback with a few folks at Cisco regarding patches lately:

    • New patches consistently break existing functionality, or introduce new bugs. Examples

And now, patch 11 has been recalled. In my opinion, more rigor needs to be applied to patching. I'm very much a fan of Continuous Improvement, and rapid releases... but this methodology, when applied appropriately, should not introduce the number of flaws we've seen lately with these patches.

This often leaves us in a difficult position when TAC is advising us to patch ISE before further troubleshooting can occur, but the patch they would like us to move to will knowingly introduce additional issues.

I won't argue with you on that, it's painful. For what it's worth, 2.4 has been pretty stable for us lately, we had some early issues with high impact, but we were able to have hot fixes generated. All of the main issues we were facing are now addressed in patch 4. It shows some promise of increased software quality. Too many regressions and recalled patches in the past year.

We recently upgraded from patch 9 to 11. Everything was stable in 9. Under patch 11 we lost all authentication against AD. Under TAC advisement we rolled back to 10 on a few nodes which broke the application services, effectively killing our entire deployment. We have since rebuilt the broken nodes back to 11 but still do not have AD authentication working.

 

I would recommend holding on 9 until all of this gets sorted out... 

hslai
Cisco Employee
Cisco Employee

If ISE 2.2 Patch 11 is working fine in your deployment, please keep it as it is for now. If you are planning to rollback, please engage Cisco TAC, due to CSCvm92278.

Thanks everyone for your comments. We are hitting bug CSCvm80261 on patch 11, not aware of anything else yet. Will remain on patch 11. 

We're also running into CSCvm80261 on patch 10 on two of our regional deployments.  

My TAC case on this issue reported it is planned to be fixed in the Patch 12 release.