07-14-2016 08:33 AM
I am working on a 30-40k node deployment that is running ISE 2.0 patch 3. The customer has arrived at ISE 2.0 patch 3 through various ISE upgrades over the past few years. The customer is using 3495 appliances with dedicated M&T nodes.
The live log is extremely slow and the M&T nodes are running high CPU. As we start to get more aggressive with our purging the performance gets better, but I have a suspicion that the database in general just needs to be completely rebuilt to get a fresh start, but I am not exactly sure of the process to do that. I don't want to preserve any data in the database. I just want a clean ISE 2.0 structured M&T database.
I am working on other ISE 2.0 deployments with similar or larger endpoints and I have no issues with Live Logs or reports and we haven't had to change the default purging policy.
We do have a TAC case open on this but it has gone nowhere.
Any thoughts would be appreciated.
07-14-2016 09:09 AM
Since the MnT nodes are dedicated, the customer can deregister the MnT node, reset the configuration and then add it back to the deployment. Assuming the customer is not interested in the old logs:
1. Deregister secondary MnT
2. Run 'application reset-config ise' (Or reinstall ISE from ISO + any patches to match the deployment)
3. Register secondary MnT back to the deployment
4. Repeat #1-3 for primary MnT
Hosuk
07-14-2016 09:00 AM
Paul, 33xx h/w does not support 2.0 and above. See:
Release Notes for Cisco Identity Services Engine, Release 2.0 - Cisco
07-14-2016 09:03 AM
Sorry, my fault, I meant 3495 appliances. I have modified the original question.
Thanks.
07-14-2016 09:18 AM
Hosuk,
Thanks for the quick response!
For some reason I thought when I added the 2nd MnT back into the deployment it would sync data from the primary and would defeat the purpose of the reset. Is that not true?
I have never really looked at what is sync'd between the primary and secondary M&T nodes.
Thanks again for the responses.
07-14-2016 09:34 AM
Like Hsing-Tsu mentioned, I would advise continuing to work with the TAC. But to answer your question, in the case of MnT, both primary and secondary get a copy of the logs individually without relying on synchronization.
07-14-2016 09:16 AM
If the currently assigned TAC is not helpful, you may either ask for a re-queue or request escalating it to our escalation team. It might hit some known issue. For example, the continuous refresh at the TrustSec dashboard has been shown to be a problem.
02-02-2017 05:52 AM
Hi
Do you by any chance have a TAC case number? I have the same issue.
Regards, Henrik
02-02-2017 06:19 AM
Please keep in mind this community is more for technical, design, and product feature inquiries.
It's not for troubleshooting break/fix, which should be designated to the TAC and their community.