Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2910
Views
5
Helpful
5
Replies

cisco ise has two primary active pan nodes

Go to solution
Comtrackllc
Level 1
Level 1

‎12-30-2018 12:49 PM

Dears,

 

I deployed distributed ise nodes with five nodes.

The two nodes are pan and three nodes are psn.

but now I have two primary active pan and I can`t remove any of them.

 

May you please help me to remove one of them or change it to secondary pan.

ise-dep.jpgise-s.jpgise-p.jpg

 

 

 

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aravind Ravichandran
Level 3
Level 3
In response to Sheraz.Salim

‎12-31-2018 02:04 AM

Hello,

Even if you power-off the vm, the PAN entry will be there in PSNs and other node as Primary node.Am afraid if you even power off the vm it won't allow you to deregister it from the deployment as it was registered as primary node.

 

Also when 2 Admin node is already exist in a deployment, you can't introduce a third PAN in it.

 

Please contact TAC, they will change the node value as secondary admin in DB on all the nodes.

-Aravind

View solution in original post

5 Replies 5

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni

‎12-30-2018 01:01 PM - edited ‎12-30-2018 01:33 PM

You need to do ISE Node Deregistration. To remove a node from a deployment, you must deregister it. When you deregister a node from the Primary PAN, the status of the deregistered node changes to standalone and the connection between the primary and the node will be lost.

 

than you have to re-register again and you can check in the option set as what you want this node as.

 

 

 

just looking carefully seem like you having a split brain. your both nodes are Primary. having said that. bear in mind if you change the status of primary node to secondary it will restart the services.

 

ISE-P need to be a secondary node in your setup.

 

 

have a look on this link. https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html#wp1053327

please do not forget to rate.
0 Helpful

Go to solution
Comtrackllc
Level 1
Level 1
In response to Sheraz.Salim

‎12-31-2018 12:58 AM

Thanks for the support.

But when I select the pan node in the deployment page, deregister option change to gray and cannot select.

 

 ise-p deregister.pngise-s deregister.png

0 Helpful

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni
In response to Comtrackllc

‎12-31-2018 01:15 AM

This could be a lengthy process. I assume if this is a virtual setup you can power off the one node which you like from these two Primary nodes or you go to CLI of any these two nodes and give command config application reset ise. this command will reset the ISE node into its default setup wipe off everything from this node. but i suggest you to do the power off method. spin a new vm with ISE and register it as a secondary Admin node. once this done  and register as a secondary node you can delete the one ise you put off earlier.

unless you have a TAC support open case with them.

please do not forget to rate.
0 Helpful

Go to solution
Aravind Ravichandran
Level 3
Level 3
In response to Sheraz.Salim

‎12-31-2018 02:04 AM

Hello,

Even if you power-off the vm, the PAN entry will be there in PSNs and other node as Primary node.Am afraid if you even power off the vm it won't allow you to deregister it from the deployment as it was registered as primary node.

 

Also when 2 Admin node is already exist in a deployment, you can't introduce a third PAN in it.

 

Please contact TAC, they will change the node value as secondary admin in DB on all the nodes.

-Aravind

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni
In response to Aravind Ravichandran

‎12-31-2018 02:06 AM

@Aravind Ravichandran

thanks you this was very useful information.

 

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents