cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2069
Views
4
Helpful
4
Replies

ISE 2.1 distributed deployment with different patch version

Looi Siew Key
Level 1
Level 1

Hi Guys,

Need to get advice about ISE distributed deployment patch version.

Currently we have 7 nodes (2 PAN, 2 MNT and 3 PSN) in distributed deployment, and 6 nodes are in version 2.1 patch 1,2,3 and 6. And recently remaining 1 node was replaced due to faulty, and installed with version 2.1 patch 6 (direct install patch 6 and ignore 1,2,3).

Now we have issue to upgrade ISE version as it shows warning "Some of the nodes are not on the same ISE patch version. To prceed with upgrade, bring all nodes to the same ISE patch version. Go to patch page."

As we understand ISE patch version is cumulative, does it necessary to have all node in the same patch version (1,2,3 and 6) ?

Thanks for your response.

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

This is due to CSCuz23479. The workaround is to proceed with the upgrade by ISE admin CLI.

View solution in original post

4 Replies 4

hslai
Cisco Employee
Cisco Employee

This is due to CSCuz23479. The workaround is to proceed with the upgrade by ISE admin CLI.

Damien Miller
VIP Alumni
VIP Alumni

An alternative solution for you if you still wish to use the GUI for the upgrade.  You can uninstall patch 6 from the one node missing p1 - p3 via the CLI.  You can then install all four patches to this single node via the CLI to match the other nodes.

patch remove ise <patch number ex 6>

patch install <patch file name> <repository name>

Hi Damian,

I thinking the same way as you to resolve this bug for upgrade firmware using GUI.

Since the missing patch in 1 of the box remove patch and install previous patches, does it impact to ISE clustering and causing downtime to this particular node which missing patch?

There will be downtime for the node you are patching, the other nodes will remain up and active.  Here is how the process will go if you choose to do it this way. Between each step you will have to wait for the the application server process to reach running state.

1. patch remove ise 6

  • node will reboot after p6 is removed

2. patch install <patch 1 name> <repo>

  • patch 1 will install and the node will reboot

3. patch install <patch 2 name> <repo>

  • patch 2 will install and node will reboot

4. patch install <patch 3 name> <repo>

  • patch 3 will install and node will reboot

5. patch install <patch 6 name> <repo>

  • patch 6 will install and node will reboot