We have an ISE deployment running ISE version 2.3. We recently deployed ISE patch five to the setup. Afterwards, only the Primary admin node became connected. Under Administration > Deployment, the rest of the nodes show "Not in Sync" with an orange warning next to them
.A manual snyc using Syncup does not resolve the issue as the nodes go to the state "In Progress" and this can last up to three hours, after which they revert back to the "Not in Sync" error.
The nodes are: Primary Admin, Secondary Admin, PSN1, PSN2 and a pXGrid node. Only the primary admin node shows the "Green" connected icon. When we check the status of the patch 5 on the individual nodes using "show version" in CLI it indicates it has the patch. The ISE admin node under Administration > Maintenance > Patch management shows all the nodes received the patch when we select it and display " Show Node Status".
We have checked the network connectivity and all is okay. All nodes can reach each other and there is no latency/jitter. DNS is resolvable from all nodes by using nslookup. There is also no firewall in between to block communications.
When we removed patch five from one of the PSN nodes and reverted back to patch 4, there was still no change and the error "In progress" persisted.