Critical Bug in Cisco ISE 2.3

Mohamed Abd Elnaser Mohamed Mohamed Ali · ‎09-13-2017

Hi All

I have a fresh new installation of Cisco ISE 2.3 on a VM with 600 GB HDD and got hit by a critical bug “ % Error: Unable to launch ADE-OS shell. Disk full ” Which is documented under Bug ID CSCuz25672 Affecting ISE 2.0(1.130) & 2.1(0.381) and Current Status Fixed in Cisco ISE 2.1(0.474) and although it was fixed in Cisco ISE 2.1(0.474) as reported in the release notes of 2.1menioned below, it appears to be hitting Cisco ISE 2.2 and 2.3 as well.

Release notes for 2.1 (Bug ID is mentioned under resolved Caveat)

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/release_notes/ise21_rn.html

Another user reported the same bug affecting Cisco ISE 2.2

https://supportforums.cisco.com/t5/cisco-bug-discussions/bug-cscuz25672-ise-version-2-2-0-470/td-p/3065783

Another user reported the same bug affecting Cisco ISE 2.3 (same like me)

https://supportforums.cisco.com/t5/cisco-bug-discussions/cisco-bug-cscuz25672-ise-2-0-1-insufficient-space-in-new-root/td-p/3088877

The problem with this bug is that it renders the Cisco ISE node unrecoverable and the only way to proceed is to rebuild the node (Restarting the VM or the appliance doesn’t resolve it)

Too sad to see that Cisco has said it was fixed in Cisco ISE 2.1(0.474) as reported in the release notes but still not fixed in ISE 2.2 or 2.3 and now I have hit it with clean fresh almost no configuration in Cisco ISE 2.3

sdcorn · ‎10-03-2017

Have you opened a TAC case on this? I've found that a TAC case is the only way to get issues like this pushed up to Engineering to be fixed. I just had one of my customers, who is running v2.2, open a case referencing this Bug ID. The more TAC cases they get, the higher priority it tends to get.

Mohamed Abd Elnaser Mohamed Mohamed Ali · ‎10-04-2017

Hi Sdcorn

Thanks for your reply, I didn't open a TAC case since as a Partner I have a restriction on opening unnecessary TAC cases (Discount related things).

However, Cisco is already aware since this bug is there from Cisco ISE 2.1 and supposingly fixed in patch released for Cisco ISE 2.1 but still users encountered it on Cisco ISE 2.2 and 2.3

I have already escalated to the Cisco Local team here in UAE but no action yet.

sdcorn · ‎10-04-2017

I heard back from TAC that patch 4 for 2.2 and patch 1 for 2.3 should fix the issue. The ETA for those patches is Oct 18th.
I’m a partner also, but I’ve never heard about a restriction on TAC cases. If I suspect a bug is the issue, I always open a case (or have the customer open one) because they track how many cases are affected by a certain issue, and that can affect priority for fixing that issue.
Thanks,
Shawn

Mohamed Abd Elnaser Mohamed Mohamed Ali · ‎10-04-2017

Hi sdcorn

Thanks for your answer and nice to hear that they are planning for a patch release for ISE 2.2 and 2.3 since I have put many upgrade plans on hold because of this bug.

For the TAC opening restrictions, My Manager used to says that our company gets hit if the number of TAC cases exceeds certain limit (he says it impacts the discount rate the company gets from Cisco) and although most of our Cases are bug-related but I try to minimize the chances of opening a TAC case.

Under any case I have to take my Manager approval before opening one, End of the day I'm the technical person and i don't really know what is going one behind the scene.

I know opening a case would help Cisco to get to know about such issue and pressurize the developers to get them fixed but if Cisco is enforcing such TAC case limit on partners then they leave us with no choice.

Anyway again i have informed the Cisco Local team upon the same so they can internally communicate the same to ISE BU team.