Hello, I upgraded my ISE deployment to ISE 2.2 patch 11. I see that ISE 2.2 patch 11 has since been deferred.
What does Cisco recommend as the stable ISE 2.2 Patch release? Should we wait for Patch 12 or roll back to 9 or 10?
SEVT on Oct 7-13 recommended ISE 2.2 Patch 9. Just wondering if this is still the Cisco recommended patch release?
It's a fair question, and one that's becoming increasingly difficult to answer. I've shared some feedback with a few folks at Cisco regarding patches lately:
And now, patch 11 has been recalled. In my opinion, more rigor needs to be applied to patching. I'm very much a fan of Continuous Improvement, and rapid releases... but this methodology, when applied appropriately, should not introduce the number of flaws we've seen lately with these patches.
This often leaves us in a difficult position when TAC is advising us to patch ISE before further troubleshooting can occur, but the patch they would like us to move to will knowingly introduce additional issues.
We recently upgraded from patch 9 to 11. Everything was stable in 9. Under patch 11 we lost all authentication against AD. Under TAC advisement we rolled back to 10 on a few nodes, which broke the application services, effectively killing our entire deployment. We have since rebuilt the broken nodes back to 11 but still do not have AD authentication working.
I would recommend holding on 9 until all of this gets sorted out...
If ISE 2.2 Patch 11 is working fine in your deployment, please keep it as it is for now. If you are planning to roll back, please engage Cisco TAC, due to CSCvm92278.