Cisco ISE version 1.2.1.198 distribution deployment issue

Rajib Das
Level 1

Dear All, I have 3 ISE nodes (Admin, PSN & MNT node) running on version 1.2.1.198 with no patch. My MNT node is not syncing with the admin node. I need to apply a certificate but am getting an error. I am unable to deregister it. I have tried to push patch 3 by installing it on the Admin node, but it is not getting pushed to either the MNT or PSN node. I am attaching the screenshots for your reference. Please let me know if you need any input from my side.

nspasov
Cisco Employee

What happens when you try to de-register that node from the deployment? Also, do you have HTTP/CLI access to it?

Thank you for rating helpful posts!

I am unable to de-register that node from the deployment. I have HTTP & CLI access to it.

What error do you get when you try to de-register it? Also, from the CLI, issue this command and post the results here:

show application status ise

I am attaching both the de-register error screenshot & the command output.

You must first configure another ISE node to run the "Monitoring" persona before you can de-register that node. An ISE deployment requires at least 1 admin and 1 monitoring persona. So for instance, you can go to your admin node and enable the monitoring persona and then try de-registering that node again. 

I hope this helps!

 


Hi, I have made the PSN monitor Primary, then de-registered the Monitor node, registered it back & made it monitor primary. Now all nodes are syncing properly. But after this my call flow is breaking. All user requests are going for default deny, i.e. access reject & drop. Earlier it was working properly; users were able to connect, were authenticated & authorized, and could access the websites properly. Earlier only the monitor node was not syncing, but now, although it is syncing, the call flow is breaking & there is no change in configuration. I have updated ISE version 1.2.1.198 with only one patch, i.e. patch 3, on all 3 nodes, i.e. admin, PSN & monitor. Please suggest, and also let me know in case you need more info.

Hi Rajib, this sounds like a new issue, and I would recommend that you start a new thread for it with additional info (screenshots, requirements, etc.) and close this thread, since your original issue was resolved.


Hi Neno, Thank you...