Solved: Re: ISE 2.0 cluster recovery

Yury Kuzminov · ‎11-02-2017

Dear community,

kindly ask your help.

We have two ISE, working together in one node group as primary and secondary. After total crash of database we re-install these two ISE nodes and recover first one from backup. So, now we have one recovered node as primary and one "brand new" node. But on primary node i saw a previous secondary node in node group. Should I remove this node before adding a new node as secondary, or I can leave it (because new node have the same IP with the old node)?

Thanks in advance!

Arne Bier · ‎11-02-2017

Hi Yury

On the newly recovered Primary PAN, you have to delete the "zombie" node that you see in your Admin > System > Deployment. Then you need to register the second node into your deployment and assign it whatever Personas you want/need.

Don't forget to apply your licenses. If you had to rebuild your VM.s then the UDI would have changed and this means you licenses would no longer be relevant. With hardware appliances the serial numbers never change, so licenses will remain valid.

View solution in original post

ajc · ‎11-02-2017

Delete the zombie actually means DEREGISTER the secondary node. It is probably necessary to import into the TRUSTED Certificate list of Primary PAN the self-signed cert of the secondary node, once the secondary is added to the deployment you can import into that node the certificate for portals and admin (it has to be the same).

View solution in original post

Arne Bier · ‎11-02-2017

Hi Yury

On the newly recovered Primary PAN, you have to delete the "zombie" node that you see in your Admin > System > Deployment. Then you need to register the second node into your deployment and assign it whatever Personas you want/need.

Don't forget to apply your licenses. If you had to rebuild your VM.s then the UDI would have changed and this means you licenses would no longer be relevant. With hardware appliances the serial numbers never change, so licenses will remain valid.

Yury Kuzminov · ‎11-02-2017

@Arne Bier wrote:

Hi Yury

On the newly recovered Primary PAN, you have to delete the "zombie" node that you see in your Admin > System > Deployment. Then you need to register the second node into your deployment and assign it whatever Personas you want/need.

Don't forget to apply your licenses. If you had to rebuild your VM.s then the UDI would have changed and this means you licenses would no longer be relevant. With hardware appliances the serial numbers never change, so licenses will remain valid.

Many thanks! We use hardware appliance, so there is no need to re-apply licenses. Now node group works well.

ajc · ‎11-02-2017

Delete the zombie actually means DEREGISTER the secondary node. It is probably necessary to import into the TRUSTED Certificate list of Primary PAN the self-signed cert of the secondary node, once the secondary is added to the deployment you can import into that node the certificate for portals and admin (it has to be the same).

Yury Kuzminov · ‎11-02-2017

@ajc wrote:

Delete the zombie actually means DEREGISTER the secondary node. It is probably necessary to import into the TRUSTED Certificate list of Primary PAN the self-signed cert of the secondary node, once the secondary is added to the deployment you can import into that node the certificate for portals and admin (it has to be the same).

Yep, you are right, after deregister old one and import self-cigned cert from the new server group was rebuild and successfully syncronized. Thank you!