Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1502
Views
5
Helpful
5
Replies

Cisco ISE 3.3 patch-7

adamscottmaster2013
Level 4
Level 4

‎07-24-2025 05:47 AM

Good morning technology people,

Has anyone applied patch-7 on your 3.3 ISE environment?  I am almost 100% that this patch is NOT thoroughly tested by Cisco prior to releasing it.  I have to patch my 3.3 patch-6 system in about two weeks (due to security issues).  I would like to know if anyone has run into any issues after applying patch-7.

TIA...

1 person had this problem
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎07-24-2025 07:18 AM 

 I am almost 100% that this patch is NOT thoroughly tested by Cisco prior to releasing it.

Its all depends on environment, i am testing in my Lab, have some good testing once, not seen any issue, if you have distributed environment apply the patch to one of the node and monitor., if any issue we always rely on TAC, since they are SME to answer.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Marcelo Morais
VIP
VIP

‎07-24-2025 11:31 AM

Hi @adamscottmaster2013 ,

 I already applied ISE 3.3 P7 on ISE Clusters with 4x Nodes, 12x Nodes and 14x Nodes ... so far so good !!!

 

Note: VM Clusters using 3755 and 3795.

 

Hope this helps !!!

 

0 Helpful

Arne Bier
VIP
VIP

‎07-24-2025 01:20 PM

I applied patch 7 on top of patch 6 in two separate deployments. In both cases, no issues. But in the second deployment (large distributed) one of my PSNs didn't take the patch and, even after multiple reboots and application resets, I could not revive the node - it was trashed. I deleted and rebuilt the VM. Very odd, because this deployment has been patched a few times and never had any issues. I give my PSN's 300GB disk, and I wonder if that is truly too small, because the issue might have been related to the database that didn't recover. Even though it was just a PSN, I think there comes a point (bug) where the Oracle just gets trashed because of the 300GB. There is plenty of free disk - but not on the database partition. No idea - I didn't open a TAC case for this. 

Marcelo Morais
VIP
VIP
In response to Arne Bier

‎07-24-2025 02:09 PM

@Arne Bier ,

 interesting ... all the Cluster that I upgraded to 3.3 P7 were 600GB (PAN and PSN) and 2TB (MnT).

 

muinclude
Level 1
Level 1

‎08-19-2025 12:19 AM

After upgrading from ISE 3.3.0 Patch 6 to Patch 7, I noticed the following issue:

  • When devices lose their connection to ISE and then reconnect, users configured in ISE are unable to log in to the devices.

  • The following error is shown:
    13017 Received TACACS+ packet from unknown Network Device or AAA Client

    Workaround:
    Deleting and re-adding the affected device in ISE resolves the issue and normal login is restored.

    Impact:
    This affects any device that temporarily loses connection with ISE and then tries to authenticate, causing administrative logins to fail until the device is re-registered.

    Request:
    Has anyone else observed this behavior on Patch 7? Is there a recommended fix or a planned patch addressing this issue?



0 Helpful
Customers Also Viewed These Support Documents