Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4917
Views
1
Helpful
1
Replies

How to deregister a secondary node from a Cisco ISE cluster using CLI

Go to solution
behzad bayat
Level 1
Level 1

‎10-28-2023 05:29 AM

I have a Cisco ISE cluster. The primary node is no longer available, and I cannot access the GUI for the secondary node. However, I have access to the CLI for the secondary node. How can I change the password policy for the secondary node? I've attempted this, but it didn't allow me to proceed and instead prompted me to do this via the primary node, which is no longer available.

Additionally, how can I deregister the secondary node from the cluster using the CLI without erasing licenses?

TNX

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
agrissimanis
Level 1
Level 1

‎10-28-2023 12:10 PM - edited ‎10-28-2023 12:13 PM

When you say you can't access the GUI of the secondary node, do you mean you can reach the GUI, but you just don't know the local admin password and need to change it?
If yes then then reset the GUI password on the secondary node from CLI using:
application reset-passwd ise admin
Then, when you get access to the GUI of the secondary node, you can promote it to the primary from there. That way you will maintain the licences, config and everything else from the primary.

There isn't a way to do this from CLI and you also can't deregister your secondary from the CLI while maintaining the configs and licences.

From CLI you can issue "application reset-config ise", this will deregister the node and will make the node standalone again, but you will also lose all the configs.

 

View solution in original post

1 Reply 1

Go to solution
agrissimanis
Level 1
Level 1

‎10-28-2023 12:10 PM - edited ‎10-28-2023 12:13 PM

When you say you can't access the GUI of the secondary node, do you mean you can reach the GUI, but you just don't know the local admin password and need to change it?
If yes then then reset the GUI password on the secondary node from CLI using:
application reset-passwd ise admin
Then, when you get access to the GUI of the secondary node, you can promote it to the primary from there. That way you will maintain the licences, config and everything else from the primary.

There isn't a way to do this from CLI and you also can't deregister your secondary from the CLI while maintaining the configs and licences.

From CLI you can issue "application reset-config ise", this will deregister the node and will make the node standalone again, but you will also lose all the configs.

 

Customers Also Viewed These Support Documents