cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
34119
Views
15
Helpful
14
Replies

Cisco ISE FTP backup failed

KevinMuller
Level 1
Level 1

Hi all,

I try to use the backup feature in Cisco ISE but after configured an FTP, every backup failed.

My FTP server is a Windows Server 2008 and I can create, modify and delete files in the root folder if I use a classical FTP Client as Filezilla from my workstation which is in the same VLAN than my Cisco ISE, so I think it's not an account problem and not a firewall or security issue.

Here the result when I use the CLI :

ADLUISE01/admin# backup TestFTP repository FTP-Repository ise-operational encryption-key plain *******
% Creating backup with timestamped filename: TestFTP-OPS-140625-1542.tar.gpg
% backup in progress: Starting Backup...10% completed
% backup in progress: starting dbbackup using expdp.......20% completed
% backup in progress: starting cars logic.......50% completed
% backup in progress: Moving Backup file to the repository...75% completed
% File transfer error

 

Thanks for you help!

Kévin

1 Accepted Solution

Accepted Solutions

andrew.munday
Level 1
Level 1

Firstly, you can validate your repo connection in GUI by checking the repo in repo configuration and clicking Validate.

 

If you're having issues validating with a message saying something along the lines of ssh error, you can try this;

- confirm the hostname in your repo config (hostname or IP)

- ssh into the ISE node and run a ssh session to the repo hostname or IP

- accept the key

 

After this, try again. If you previously had no encryption key accepted, the GUI doesn't recognise this for some reason and so performing a SSH through CLI will grab the keys.

 

Hope this helps..

View solution in original post

14 Replies 14

mohanak
Cisco Employee
Cisco Employee

Backup Failures

If backup fails, check the following:

  • Make sure that no other backup is running at the same time.
  • Check the available disk space for the configured repository.

Monitoring backup fails if the monitoring data takes up more than 75% of the allocated monitoring database size. For example, if your Monitoring node is allocated 600 GB, and the monitoring data takes up more than 450 GB of storage, then monitoring backup fails.

If the database disk usage is greater than 90%, a purge occurs to bring the database size to less than or equal to 75% of its allocated size.

  • Verify if a purge is in progress. Backup and restore operations will not work while a purge is in progress.
  • Verify if the repository is configured correctly.

Supringly a lot of cisco TAC engineers don't seem to understand the issue of ISE and FTP and why it failed. 

 

The answer is "depending on the type of FTP server" you're running.  In my situation, I have different flavor of Gentoo Linux and CentOS linux.  With CentOS linux, you have to specific declare the home directory of the FTP server.  For example, let say you want to backup ISE to a directory under the account isebackup on the centOS, you have to declare "/home/isebackup" under the directory in ISE. 

With Gentoo linux, you can declare however you see fit and it will work
 

I don't have much experience with FTP running on Windows  but  I know the ISE backup via FTP works well with both Gentoo and CentOS linux with my first-hand knowledge.

That being said, I rather prefer sftp over ftp for ease of use and better security when transferring files across the network.

Thanks for your answers.

Actually, I cannot use a Linux server even if I know it would be better, but we have only Windows Server in our company, so I have to adapt myself.

I have also checked every points of mohanak but everything seems to be good and I still do whatever I want with a classic FTP client.

Do you knows some commands or tips to troubleshoot this problem on ISE or IIS?

 

Thanks!

I quit my last job because the place had lot of idiots because they are running Windows.  Real Engineers use Open/Free BSD, Linux or Solaris.  Only network wannabe use Windows.

 

joking aside, I think the best thing for you to do is to run "wireshark" on the Windows server and start capturing traffics from the ISE to the IIS server.  Because FTP is "clear-text" traffics, you will be able to decode the data and it will tell you why FTP failed. 

 

My guess is that it has to do with directory, not directory permission but directory in general.

Hi Cisco,

ISE backup is failing with the following error message

DB BACKUP FAILED : RMAN-03002: failure of transport tablespace command at 04/11/2016 23:13:39. Backup aborted

All was working fine. Tried the option of Backup now and that too got failed. Percentage is showing 20% and it fails with the above error message. Please suggest what to be done on this.

Hi deepuvarghese1,

On looking at the error I could say that there could be an issue within ISE that is preventing the required objects to be backed up. I would request to open a service request with TAC so that they can fix this issue by going into the CLI.

Thanks,

Naresh

Hi Naresh,

Thank you for the reply. Shall we do an application restart on ISE primary admin node?. Will that fix the issue. What do you think?

Regards,

Deepu

Hi Sir,

 

Any updates for this issue? i'm facing this case today

 

Thank You

Nohfendi

Create using GUI an external FTP/TFTP repository XXX (not from CLI) and then from CLI run a SHOW REPOSITORY XXX). Where XXX is the Windows Server External repository on my case. If the SHOW command provides you output then the communication to the external repository from ISE is ok so the backup should work with no issues. See next:

 

IF the ISE GUI configuration for the remote FTP/TFTP Repository is correct and the user configured has the right privileges to access the remote server folder, your CLI output should look like:

 

isenode/admin# show run
!
repository ISEBCK
  url ftp://10.10.10.10/ISE/
  user ISE_Bck password hash YYYYYYYYYYYYYY
repository localdisk
  url disk:/
!
!
isenode/admin# show repository ISEBCK   -- > TO TEST connectivity from ISE to remote Backup Server
ISE01_CONFIG_BCK-CFG-180330-2100.tar.gpg                         
ISE01_Operational_BCK-OPS-180330-2330.tar.gpg                     
                
isenode/admin#

 

repository.pngrepository1.png

 

 

 

Naresh Ginjupalli
Cisco Employee
Cisco Employee

Hi Kevin,

If possible can you try listing the files in repository from ISE CLI by using the command 'show repository <NAME OF REPOSITORY>' once after repository is created.

Also When you are trying to do this operation , can you please collect the logs from FTP server.

Also you may get some information on why file transfer is failing from the ISE log file ADE.log.

David Pease
Level 1
Level 1

Kevin, 

 

can you please give a rundown of how you have the FTP repository as well as the scheduled job configured?   FTP?  SFTP?  ect...

 

I ran into some issues a while back with setting up the FTP backups as well, and I was forced to do quite a bit of research on the matter.   While some users on here may prefer to use one operating system over others, that is their personal opinion, and is not helpful at all in solving your issue.

 

 

andrew.munday
Level 1
Level 1

Firstly, you can validate your repo connection in GUI by checking the repo in repo configuration and clicking Validate.

 

If you're having issues validating with a message saying something along the lines of ssh error, you can try this;

- confirm the hostname in your repo config (hostname or IP)

- ssh into the ISE node and run a ssh session to the repo hostname or IP

- accept the key

 

After this, try again. If you previously had no encryption key accepted, the GUI doesn't recognise this for some reason and so performing a SSH through CLI will grab the keys.

 

Hope this helps..

Thank you!  In my case, I did restore from backup but never accepted the SSH key again :)

DNOC
Level 1
Level 1

Don't know if this will help anyone else, but I had a similar issue trying to copy an upgrade file FROM an FTP server TO the ISE local disk. Logged in via CLI and tried the FTP command below but it didn't work, failing with Error Transfer Failed.

 

Eventually found that my disk was full (#facepalm). Did a dir and there was 0 bytes free. Deleted a load of old backup files that were no longer needed plus a previous upgrade file; del disk:/[FILENAME] and then the transfer worked, though in usual FTP way it just sat there for ages until revealing it had worked.

 

Must remember to delete the upgrade file once the upgrade is done this time! :)