11-02-2017 05:31 AM - edited 02-21-2020 10:37 AM
Dear community,
kindly ask your help.
We have two ISE, working together in one node group as primary and secondary. After total crash of database we re-install these two ISE nodes and recover first one from backup. So, now we have one recovered node as primary and one "brand new" node. But on primary node i saw a previous secondary node in node group. Should I remove this node before adding a new node as secondary, or I can leave it (because new node have the same IP with the old node)?
Thanks in advance!
Solved! Go to Solution.
11-02-2017 04:19 PM
Hi Yury
On the newly recovered Primary PAN, you have to delete the "zombie" node that you see in your Admin > System > Deployment. Then you need to register the second node into your deployment and assign it whatever Personas you want/need.
Don't forget to apply your licenses. If you had to rebuild your VM.s then the UDI would have changed and this means you licenses would no longer be relevant. With hardware appliances the serial numbers never change, so licenses will remain valid.
11-02-2017 06:16 PM
Delete the zombie actually means DEREGISTER the secondary node. It is probably necessary to import into the TRUSTED Certificate list of Primary PAN the self-signed cert of the secondary node, once the secondary is added to the deployment you can import into that node the certificate for portals and admin (it has to be the same).
11-02-2017 04:19 PM
Hi Yury
On the newly recovered Primary PAN, you have to delete the "zombie" node that you see in your Admin > System > Deployment. Then you need to register the second node into your deployment and assign it whatever Personas you want/need.
Don't forget to apply your licenses. If you had to rebuild your VM.s then the UDI would have changed and this means you licenses would no longer be relevant. With hardware appliances the serial numbers never change, so licenses will remain valid.
11-02-2017 11:43 PM
@Arne Bier wrote:
Hi Yury
On the newly recovered Primary PAN, you have to delete the "zombie" node that you see in your Admin > System > Deployment. Then you need to register the second node into your deployment and assign it whatever Personas you want/need.
Don't forget to apply your licenses. If you had to rebuild your VM.s then the UDI would have changed and this means you licenses would no longer be relevant. With hardware appliances the serial numbers never change, so licenses will remain valid.
Many thanks! We use hardware appliance, so there is no need to re-apply licenses. Now node group works well.
11-02-2017 06:16 PM
Delete the zombie actually means DEREGISTER the secondary node. It is probably necessary to import into the TRUSTED Certificate list of Primary PAN the self-signed cert of the secondary node, once the secondary is added to the deployment you can import into that node the certificate for portals and admin (it has to be the same).
11-02-2017 11:46 PM
@ajc wrote:
Delete the zombie actually means DEREGISTER the secondary node. It is probably necessary to import into the TRUSTED Certificate list of Primary PAN the self-signed cert of the secondary node, once the secondary is added to the deployment you can import into that node the certificate for portals and admin (it has to be the same).
Yep, you are right, after deregister old one and import self-cigned cert from the new server group was rebuild and successfully syncronized. Thank you!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide