ISE 2.1 Distributed Deployment - Cannot add local CLI user

Hi, folks.

Has anybody ever had the effect that no additional local CLI users could be configured on ISE appliances anymore?

ise/xia0wf(config)#username xiism3 password plain Bla1Bla role admin email bla@bla.com
% Error: Failure occurred during request.

This happens on each node of the deployment (8 nodes).

"debug user all" shows the following:

7 [26736]:[debug] user: user_store_cli.c[96] [xia0wf]:
parameter_count = 4
7 [26736]:[debug] user: user_store_cli.c[104] [xia0wf]: param 0: (0): <suppressed>
7 [26736]:[debug] user: user_store_cli.c[104] [xia0wf]: param 1: (0): <suppressed>
7 [26736]:[debug] user: user_store_cli.c[104] [xia0wf]: param 2: (1): <suppressed>
7 [26736]:[debug] user: user_store_cli.c[104] [xia0wf]: param 3: (10): <suppressed>
7 [26736]:[debug] user: user_store_cli.c[104] [xia0wf]: param 4: (100): <suppressed>
7 [26736]:[debug] user: user_store_cli.c[107] [xia0wf]: username command acting on username: xiism3
7 [26736]:[debug] user: user_store_cli.c[138] [xia0wf]: username no_flag = FALSE
7 [26736]:[debug] user: user_store_cli.c[170] [xia0wf]: Before email/disabled processing.
7 [26736]:[debug] user: user_store_cli.c[198] [xia0wf]: username: xiism3, pwtype: 0, role: 1 state: 0
7 [26736]:[debug] user: user.c[1869] [xia0wf]: useradd return value: 0
7 [26736]:[debug] user: user.c[1871] [xia0wf]: useradd output:
Creating mailbox file: File exists  (????)

----------
7 [26736]:[debug] user: user.c[2010] [xia0wf]: Checking password validity.
7 [26736]:[debug] user:password-policy: user.c[1430] [xia0wf]: Opening Cache File
7 [26736]:[debug] user:password-policy: user.c[1446] [xia0wf]: File size: 66
7 [26736]:[debug] user:password-policy: user.c[1449] [xia0wf]: mmap()
7 [26736]:[debug] user: user.c[783] [xia0wf]: passwd: Authentication token manipulation error    (???)
7 [26736]:[debug] user:password-policy: user.c[1430] [xia0wf]: Opening Cache File
7 [26736]:[debug] user:password-policy: user.c[1446] [xia0wf]: File size: 66
7 [26736]:[debug] user:password-policy: user.c[1449] [xia0wf]: mmap()
7 [26736]:[debug] user:password-policy: user.c[2865] [xia0wf]: getFailures.pl return value: 0
7 [26736]:[debug] user: user.c[1301] [xia0wf]:
7 [26736]:[debug] user: user.c[1178] [xia0wf]: Scanning user entries...
7 [26736]:[debug] user: user.c[1264] [xia0wf]: End scan user entries (0)
7 [26736]:[debug] user: user.c[1335] [xia0wf]: xia0wf: "$5$0uTq01EV$vAluWMguXLlC/bujbC5Zm3KcwczngVFxALjJuz09uj." (503)  HOME /home/xia0wf       SHELL /opt/system/bin/carssh.sh
7 [26736]:[debug] user: user.c[1349] [xia0wf]: Not Making new user
7 [26736]:[debug] user: user.c[1373] [xia0wf]: user xia0wf is not remote ($5$0uTq01EV$vAluWMguXLlC/bujbC5Zm3KcwczngVFxALjJuz09uj.)
7 [26736]:[debug] user:password-policy: user.c[1430] [xia0wf]: Opening Cache File
7 [26736]:[debug] user:password-policy: user.c[1446] [xia0wf]: File size: 66
7 [26736]:[debug] user:password-policy: user.c[1449] [xia0wf]: mmap()
7 [26736]:[debug] user:password-policy: user.c[2865] [xia0wf]: getFailures.pl return value: 0
7 [26736]:[debug] user: user.c[1335] [xia0wf]: xiism3: "!!" (504)       HOME /home/xiism3       SHELL /opt/system/bin/carssh.sh
7 [26736]:[debug] user: user.c[1338] [xia0wf]: Making new user structure
7 [26736]:[debug] user: user.c[1373] [xia0wf]: user xiism3 is not remote (!)
7 [26736]:[debug] user:password-policy: user.c[1430] [xia0wf]: Opening Cache File
7 [26736]:[debug] user:password-policy: user.c[1446] [xia0wf]: File size: 66
7 [26736]:[debug] user:password-policy: user.c[1449] [xia0wf]: mmap()
7 [26736]:[debug] user:password-policy: user.c[2865] [xia0wf]: getFailures.pl return value: 0
6 [26736]:[info] user: user.c[494] [xia0wf]: deleting user xiism3
7 [26736]:[debug] user: user.c[521] [xia0wf]: userdel return value: 0
7 [26736]:[debug] user: user.c[529] [xia0wf]: rm -fr /home/xiism3
7 [26736]:[debug] user: user.c[530] [xia0wf]: rm return value: 0
% Error: Failure occurred during request. 

Any ideas ???

Here is a sho ver:


Cisco Application Deployment Engine OS Release: 3.0
ADE-OS Build Version: 3.0.0.202
ADE-OS System Architecture: x86_64

Copyright (c) 2005-2014 by Cisco Systems, Inc.
All rights reserved.
Hostname: ise


Version information of installed applications
---------------------------------------------

Cisco Identity Services Engine
---------------------------------------------
Version      : 2.1.0.474
Build Date   : Wed May 25 06:34:43 2016
Install Date : Mon Jun 13 19:39:38 2016

Cisco Identity Services Engine Patch
---------------------------------------------
Version      : 1
Install Date : Thu Sep 08 15:03:47 2016

Cisco Identity Services Engine Patch
---------------------------------------------
Version      : 2
Install Date : Sun Nov 27 18:25:53 2016
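
The sequence visible in the debug output above (useradd returns 0, the passwd step reports an error, the new account is deleted again) can be checked mechanically when the same capture is taken on several nodes. This is an added example, not part of the original post and not Cisco tooling; the sample lines are constructed from the line format shown in the post, and the names `admin1`, `newuser` and `triage` are hypothetical.

```python
import re

# Line shape taken from the post's "debug user all" output, e.g.
#   7 [26736]:[debug] user: user.c[1869] [xia0wf]: useradd return value: 0
LINE = re.compile(
    r"^\d \[(?P<pid>\d+)\]:\[(?P<level>\w+)\] (?P<facility>[\w:-]+): "
    r"(?P<src>[\w.]+)\[(?P<lineno>\d+)\] \[(?P<admin>[^\]]+)\]: ?(?P<msg>.*)$"
)

# Constructed sample (hypothetical names admin1/newuser), not a real capture.
SAMPLE = """\
7 [26736]:[debug] user: user_store_cli.c[107] [admin1]: username command acting on username: newuser
7 [26736]:[debug] user: user.c[1869] [admin1]: useradd return value: 0
7 [26736]:[debug] user: user.c[1871] [admin1]: useradd output:
Creating mailbox file: File exists
7 [26736]:[debug] user:password-policy: user.c[1430] [admin1]: Opening Cache File
7 [26736]:[debug] user: user.c[783] [admin1]: passwd: Authentication token manipulation error
6 [26736]:[info] user: user.c[494] [admin1]: deleting user newuser
7 [26736]:[debug] user: user.c[521] [admin1]: userdel return value: 0
"""


def triage(log_text):
    """Return one finding per `username` command found in the debug output."""
    findings, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # CLI echo or continuation lines such as useradd output
        msg = m["msg"]
        if t := re.search(r"acting on username: (\S+)", msg):
            cur = {"user": t[1], "admin": m["admin"], "useradd_rc": None,
                   "passwd_error": None, "rolled_back": False}
            findings.append(cur)
        elif cur is None:
            continue
        elif t := re.fullmatch(r"useradd return value: (\d+)", msg):
            cur["useradd_rc"] = int(t[1])
        elif msg.startswith("passwd:"):
            cur["passwd_error"] = msg.split(":", 1)[1].strip()
        elif msg == f"deleting user {cur['user']}":
            cur["rolled_back"] = True
    for f in findings:
        # Symptom in the thread: account created, password step fails, account removed.
        f["matches_thread_symptom"] = (
            f["useradd_rc"] == 0 and bool(f["passwd_error"]) and f["rolled_back"])
    return findings
```

Calling `triage()` on a saved capture from each node returns one dictionary per attempted `username` command, with `matches_thread_symptom` set when all three stages of the sequence are present.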
                                         

7 Replies

Rahul Govindan
VIP Alumni

This looks like a bug to me, especially since you are running the latest patch. I could not find any open caveats matching the issue seen here. I would open up a TAC case to have this resolved.

One test I can think of is creating the admin user without the email option. Can you test that if you have not already tried this?

Hi,

as you guessed, I tried already without the email address. Same result ....

Rgs

Frank

In that case, I am pretty sure that this is a bug with the ISE. Best have TAC look at it and provide you with a bug and fix for this.

Had a response from TAC:

CSCva41898 not able to create NSF user/admin from CLI .. throws "% Error: Failure occurred during request."

As a workaround, please create the user with a hash password (any) and then the same one with plain:

dkontsev-2-1-120/admin(config)# username test1 password hash test123 role admin

dkontsev-2-1-120/admin(config)# username test1 password plain Krakow123 role admin

Yeah, that works ....

# sh ver

Cisco Application Deployment Engine OS Release: 3.0
ADE-OS Build Version: 3.0.2.218
ADE-OS System Architecture: x86_64

Copyright (c) 2005-2014 by Cisco Systems, Inc.
All rights reserved.
Hostname: ise-data


Version information of installed applications
---------------------------------------------

Cisco Identity Services Engine
---------------------------------------------
Version      : 2.2.0.470
Build Date   : Thu Jan 26 03:52:23 2017
Install Date : Sat Apr 15 03:15:26 2017

Cisco Identity Services Engine Patch
---------------------------------------------
Version      : 1
Install Date : Sun Apr 23 18:30:26 2017
                 

Did you get any response to this? I have the same error message.

regards

Maarten

I have the same issue with 2.1 patch 3. I will try to update to 2.2 patch 1 to see if it resolves the issue.