cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1829
Views
10
Helpful
7
Replies

Cisco ISE Upgrade Fail 1.4 to 2.2 to 2.3

MS-JK
Level 1
Level 1

Hi All - running into ISE upgrade issues going from 1.4 to 2.2 then 2.3. Anyone out there that successfully upgraded from 1.4 to 2.3? Here are my steps:

 

1. Production - ISE 1.4 Patch 8 and backup and export Config Database Backup

2. Restore backup from Distributed ISE Prod to Lab Standalone ISE 1.4 Patch 8

3. Install patch 12 to Lab Standalone ISE 1.4 Patch 8

4. Export Config Backup from ISE 1.4 Patch 12 to Standalone ISE 2.2 Patch 4

*This where the upgrade fails*

 

isebox-new/admin# restore ISE.tar.gpg repository BLAH_Admin encryption-key plain blahblah
% Warning: Do not use Ctrl-C or close this terminal window until the restore completes.
Initiating restore.  Please wait...
% restore in progress: Starting Restore...10% completed
% restore in progress: Retrieving backup file from Repository...20% completed
% restore in progress: Decrypting backup data...25% completed
% restore in progress: Extracting backup data...30% completed
 Leaving the currently connected AD domain
 Please rejoin the AD domain from the administrative GUI
% restore in progress: Stopping ISE processes required for restore...35% completed
Cleaning up TC-NAC docker configuration...
% restore in progress: Restoring ISE configuration database...40% completed
% Error: Deletion of restored secondary certificates failed. After restore completes, use ISE certificates page to delete unwanted certificates manually.
% restore in progress: Adjusting host data for upgrade...60% completed
UPGRADE STEP 1: Running ISE configuration database schema upgrade...
- Running db sanity check to fix index corruption, if any...
 - Auto Upgrading Schema for UPS Model...
 - Upgrading Schema completed for UPS Model.

UPGRADE STEP 2: Running ISE configuration data upgrade...
% Error: ISE Global data upgrade failed!
ISE M&T Log Collector is not running
ISE M&T Log Processor is not running
PassiveID WMI Service is disabled
PassiveID Syslog Service is disabled
PassiveID API Service is disabled
PassiveID Agent Service is disabled
PassiveID Endpoint Service is disabled
PassiveID SPAN Service is disabled
ISE pxGrid processes are disabled
ISE Application Server process is not running
ISE Certificate Authority Service is not running
ISE EST Service is not running
ISE Sxp Engine Service is disabled
ISE TC-NAC Service is disabled
Wifi Setup Helper Container is disabled
docker daemon is not running
Stopping ISE Profiler Database...
ISE Indexing Engine is not running
ISE M&T Session Database is not running
ISE AD Connector is not running
Stopping ISE Database processes...
Stopping ISE Database processes...
Starting ISE Monitoring & Troubleshooting Session Database...
Starting ISE Profiler Database...
grep: write error
grep: write error
Starting ISE Application Server...
Starting ISE Monitoring & Troubleshooting Log Processor...
Starting ISE Monitoring & Troubleshooting Log Collector...
Starting ISE Indexing Engine...
Starting docker daemon ...

WifiSetup is disabled.....
Starting ISE Certificate Authority Service...
Starting ISE AD Connector...
Starting ISE EST Service...
Note: ISE Processes are initializing. Use 'show application status ise'
      CLI to verify all processes are in running state.
% Application restore failed

2 Accepted Solutions

Accepted Solutions

Cory Peterson
Level 5
Level 5

Hello, 

 

Skip the 1.4 patch you are doing in the Lab.

 

Just take the ISE 1.4 backup you have and restore it to a new 2.1 install in the lab.

After that take a backup of 2.1 and build a new 2.3 server and restore the 2.1 backup to the 2.3 server. 

 

Then patch 2.3 to patch 4 and test the server with some test NADs/devices. 

 

Once you confirm this is working you can start adding newly built 2.3 patch 4 nodes to the deployment.

View solution in original post

Technically you should be able to upgrade (Restore) from 1.4 to 2.2, but from my experience I have always gone to 2.1 and it has worked for me. 

 

Also, the patch is just an extra step that is not needed, you can just import the production 1.4 backup in to a new 2.1 server.

 

One of the items that is not talked about or written in any documents I have seen is that you can only restore to/from version that can also be upgraded to/from per the documentation. This post here by Craig does talk about this. Link to Craig's Comment

 

 

 

 

View solution in original post

7 Replies 7

Cory Peterson
Level 5
Level 5

Hello, 

 

Skip the 1.4 patch you are doing in the Lab.

 

Just take the ISE 1.4 backup you have and restore it to a new 2.1 install in the lab.

After that take a backup of 2.1 and build a new 2.3 server and restore the 2.1 backup to the 2.3 server. 

 

Then patch 2.3 to patch 4 and test the server with some test NADs/devices. 

 

Once you confirm this is working you can start adding newly built 2.3 patch 4 nodes to the deployment.

Hi Cory,

Is there a reason to skip the patch and also why go to 2.1 instead? Any more details would be appreciated behind it. I was told that 2.2 was per Cisco's recommendation BUT can't really find official documentation in my search that supports detail procedure steps calling out 2.1.

 

Thanks for your feedback!

Technically you should be able to upgrade (Restore) from 1.4 to 2.2, but from my experience I have always gone to 2.1 and it has worked for me. 

 

Also, the patch is just an extra step that is not needed, you can just import the production 1.4 backup in to a new 2.1 server.

 

One of the items that is not talked about or written in any documents I have seen is that you can only restore to/from version that can also be upgraded to/from per the documentation. This post here by Craig does talk about this. Link to Craig's Comment

 

 

 

 

Thanks! 2.1 worked.

Awesome! Glad to hear it worked. I have had similar issues in the past and this is how I got around it. 2.2 is suppose to work... 

hslai
Cisco Employee
Cisco Employee
...

UPGRADE STEP 2: Running ISE configuration data upgrade...
% Error: ISE Global data upgrade failed!
...


This is the error we need to concentrate on. There are various reasons an ISE upgrade fails at this step so we should check the upgrade debug log files for more details. You may try this ISE CLI command to get the file name

show logging app | include dbupgrade-data-global

Then,

show logging app <theFileNameOfDbUpgradeDataGlobal>

 

If you provide the content of the log file(s), we can help deciphering the issues. Otherwise, please  engage Cisco TAC support.

 

ISE 2.2 is usually a better choice to upgrade to from 1.4, because it is the last release 1.4 may upgrade to. If you would like to try restoring again, I would recommend applying the latest ISE 2.2 patch, which is Patch 9 at present, before another attempt.

PS: If you not integrating ISE with DNA-C, ISE 2.2 with the latest patch is our current recommendation.

I just did the followings last week without any problems. It went well. 

- Export from 1.4p11 on Primary PAN;

- Import to 2.2p9, then export the config data;

- Import to 2.4 (no patching yet. pending for p2). 

Hope this helps.