Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4374
Views
25
Helpful
5
Replies

Install Cisco ISE patches

Network Diver
Level 1
Level 1

‎01-26-2023 10:12 PM

Something I have learned this week the hard way:

Don't install Cisco ISE patches using the web UI and login the same time with SSH for checking patching progress. It prevents the node from booting.

Very odd that the upgrade procedure via web UI has all kinds of checks and shows the progress and the patching shows absolutely nothing, no upload progress, no indication of success or failure. At least it could show the same output as on the CLI, which is much more verbose.

1 person had this problem
5 Replies 5

Marcelo Morais
VIP
VIP

‎01-27-2023 09:46 PM

Hi @Network Diver ,

 to check the logs during a Patch install, use the following command:

ise/admin# show logging system ade/ADE.log

Are you having issues using this command ?

Which version of ISE ?

Regards

Network Diver
Level 1
Level 1
In response to Marcelo Morais

‎01-29-2023 10:05 PM

ISE 3.1 patch4. I did use that command while I started the patch install via web UI while installing 3.1 patch5. It seems that the open SSH session stopped the node from rebooting. I was too scared to just reboot the VM and after two hours of happening nothing I reverted to the offline snapshot I made before the update. 

I guess patch installation via CLI is the preferred method, although it shows a warning.

# patch install ise-patchbundle-3.1.0.518-Patch5-22120201.SPA.x86_64.tar.gz patchrepo
% Warning: Patch will be installed only on this node. Install using Primary Administration node GUI to install on all nodes in deployment. Continue? (yes/no) [yes] ?
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application Patch installation...
 
Getting bundle to local machine...
Unbundling Application Package...
Verifying Application Signature... Patch successfully installed
 
% This application Install or Upgrade requires reboot, rebooting now...
Trying to stop processes gracefully. Reload might take approximately 3 mins
The system is going down for reboot NOW

 

 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Network Diver

‎01-30-2023 05:10 AM

It could be something specific to your terminal emulation program. I regularly tail the ADE.log file while upgrading ISE (usually initiating from the GUI) and have never had it fail to reboot when it is ready to do so on its own. I've done this on dozens of different deployments using either putty or my preferred emulator program (Xshell).

Marcelo Morais
VIP
VIP
In response to Network Diver

‎01-30-2023 05:35 AM

Hi @Network Diver ,

 I agree with what @Marvin Rhoads said about your "emulation program", I use SecurCRT/Putty without a problem.

Note: I prefer to install ISE via CLI, the warning you said is normal:

% Warning: Patch will be installed only on this node.

 It is just a "reminder" that "you have to manually update each Node" (remember to start with PPAN)

Hope this helps !!!

0 Helpful

Network Diver
Level 1
Level 1
In response to Marcelo Morais

‎01-31-2023 12:03 AM

I'm using iTerm2 on MacOS. Usually that has not a problem when hosts reboot. Maybe it was glitch then, caused by cosmic rays.

Customers Also Viewed These Support Documents