Solved: DEPLOYING ISE IN AZURE

Ben Bee · ‎10-17-2023

Hello Community,

Please I am deploying cisco ISE in azure using the azure vm intance option. After deployment I am able to ssh into the vm but stacked on what next. Do i need to start the ise service in the linux vm or need to now install the ise on the linus vm.

I followed Below link for the deployment but it doest have much info after creating the VM instance.

Create A Cisco ISE Instance Using Azure Virtual Machine

Kindly assist with steps especially on how to deploy ise in azure after creating the azure vm instance

Thanks

Ben Bee · ‎10-17-2023

I didn’t get any prompt. Is there a way to start this ?

View solution in original post

Greg Gibbs · ‎10-18-2023

Yes, the syntax looks correct. Here is and example of the User Data I use in my lab to spin up an Azure VM using Terraform.

hostname=ise32-az1
primarynameserver=192.168.222.24
dnsdomain=tuiaad.com
ntpserver=192.168.100.27
timezone=UTC
password=Ch@ngePassw0rd
ersapi=yes
openapi=yes
pxGrid=no
pxgrid_cloud=no

View solution in original post

Greg Gibbs · ‎10-19-2023

What does "unable to login to the console" mean? Are you getting a specific error message?

Be sure you are using the default 'iseadmin' username with the password defined in your User Data.

View solution in original post

Dustin Anderson · ‎10-17-2023

usually there is a setup you should get prompted for to do the initial configuration, then it will automatically start up.

Ben Bee · ‎10-17-2023

I didn’t get any prompt. Is there a way to start this ?

Dustin Anderson · ‎10-17-2023

Supposed to see:

**********************************************

Please type 'setup' to configure the appliance

**********************************************

Guess try typing just setup to see if it kicks off.

Ben Bee · ‎10-17-2023

when i type

[testuat@ise-svr-01 ~]$ setup

I get below error

"Setup only runs from the console"

Greg Gibbs · ‎10-17-2023

For public cloud ISE deployments, the setup process is automated using the User Data provided. The application build should take around 30 minutes, after which you should get an ISE CLI shell when you connect via SSH.

The shell you are seeing is a standard Linux shell, so the application build clearly did not complete properly.

One of most common problems is the syntax in the User Data is not correct and/or the password provided did not meet the complexity requirements. See the password requirements and link to the Admin Guide in the document to which you referred and make sure you are meeting those requirements.

If you are still having issues, you might try the Azure Application option and/or try using the Azure Serial Console to see if you get any indication of what is going wrong.

All else fails, open a TAC case to investigate further.

Ben Bee · ‎10-18-2023

Hello Greg/All,

thanks for the response,

I edited user data as seen below. now i am unable to ssh to vm. I would like to know if the format is okay.

thanks

hostname=<mgmt-iss01>
primarynameserver=<x.x.x.x>
dnsdomain=<dns.google.com>
ntpserver=<x.x.x.x>
timezone=<Etc/UTC>
password=<***********>
ersapi=<no>
openapi=<no>
pxGrid=<no>
pxgrid_cloud=<no>

Greg Gibbs · ‎10-18-2023

Yes, the syntax looks correct. Here is and example of the User Data I use in my lab to spin up an Azure VM using Terraform.

hostname=ise32-az1
primarynameserver=192.168.222.24
dnsdomain=tuiaad.com
ntpserver=192.168.100.27
timezone=UTC
password=Ch@ngePassw0rd
ersapi=yes
openapi=yes
pxGrid=no
pxgrid_cloud=no

Ben Bee · ‎10-19-2023

It worked. thanks

My only issue now is I am unable to login to the console in the azure portal. But I can login the ISE portal via browser

Greg Gibbs · ‎10-19-2023

What does "unable to login to the console" mean? Are you getting a specific error message?

Be sure you are using the default 'iseadmin' username with the password defined in your User Data.

Ben Bee · ‎10-19-2023

The iseadmin worked. I was initially using the hostname defined in the user data.
Thanks a lot Greg.

jepema · ‎08-12-2024

Hi,

Has anyone tried to deploy Cisco ISE using Bicep together with the data Greg provided stuffed into a keyvault secret? We cannot get it running (meaning login to the system) except when deploying manually.

Thanks.