cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2423
Views
3
Helpful
17
Replies

ISE 2.2 Endpoint Purge Bug

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

FYI I had a colleague come across this new bug specific to ISE 2.2:

     https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd01079

It's not listed in the Release Notes open caveats as of the 31 January posting date.

The symptom is the Endpoint Purge setings page tells the end user they are not licensed for configuring the feature. Of couse this is a Base feature and the admin users should certainly be able to configure it.

The workaround is "install Plus license". A bit hard to do when the customer only has Base licenses.

I do hate it when a Bug is marked "fixed" and the work around is not feasible for most customers and there's no released patch addressing it.

</end rant>

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

Thanks for the feedback.

If your customer running into this bug, please open a TAC case as TAC may issue a temporary PLUS license to cover until the patch becomes available.

View solution in original post

17 Replies 17

hslai
Cisco Employee
Cisco Employee

Thanks for the feedback.

If your customer running into this bug, please open a TAC case as TAC may issue a temporary PLUS license to cover until the patch becomes available.

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

Thanks - TAC reports it will be fixed in 2.2 Patch 1. Meanwhile the customer's account SE was able to get them a 90 day Plus license.

Is there any projection on the release date for Patch 1?

I apologize, but patch release dates could shift and we do not share it in the public forums.

Marvin,

We try not to comment on patch releases dates and contents - it's too hard to manage expectations.

Too often customers treat a given date or anticipated bug list as a contract and get upset if things change.

It's best to work through TAC and the ISE Escalation team for your bug since that is how these fixes are typically prioritized in patches.

I have IE 2.2 patch 1 and I am still facing the same issue as explained in this discussion.

The bug ID mentions it's fixed in 2.2(0.901) - how does patch 1 relate to the 0.901 numbering?  Is this actually fixed in patch 1?

I only have base license installed.

cheers

From the Release Notes for Cisco Identity Services Engine, Release 2.2 - Cisco you will see a section for bug fixes in Patch #1 @ Resolved Issues in Cisco ISE Version 2.2.0.470—Cumulative Patch 1 :

CSCvd01079  Endpoint Purge doesn't work with Base License on ISE 2.2.

Our engineering team's release numbering scheme uses 9xx builds for noting the patch releases.

901 = Patch 1

902 = Patch 2

...

Adding to this thread.


I see conflicting information on this behavior and customers reporting it:


- On one side there is the bug referenced above that should be fixed in 2.2P1 but is not fixed.

- On the other side, I see information that PLUS licenses are required to use endpoint purge since this feature is tied to profiling.


Which one is the right answer?


Thanks

The bug is resolved in ISE 2.2 Patch 1. Please provide the TAC case number so we may follow up.

I will retract my comment on 11 July where I said the Endpoint purge didn't work.  It did work.  Purging works just fine and you don't need a Plus license.

I wasn't thinking right, and didn't realise that GREATERTHAN 1 actually means 2,3,4, ... so I was expecting the Endpoint to be deleted after 1 day (because my brain confused after with greater than)

Anyway.  There are other issues with Endpoint Purge that I won't go into right now.  I have a TAC case open that is looking at the Alarms details page relating to Endpoint Purge.  That is definitely still broken even in ISE 2.3 patch 1. No bug yet.

I have another TAC case relating to Endpoint, because ISE is unable to run an automated Purge where the Endpoint Identity Group is NULL/Empty.  CSCvg46494 - Fix in 2.4 apparently.

CSCvg46494 has not been addressed in any ISE release yet but we do expect its fix will go to 2.4 first.

Hello

Is CSCvg46494 going to make it into ISE 2.4 ?

thanks

Arne

Besides addressed in ISE 2.2 Patch 6, the last ISE 2.4 beta drop should have the fix as well.

Arne Bier
VIP Advisor VIP Advisor
VIP Advisor

What about ISE 2.3?  I am currently on ISE 2.3 patch 2 and I raised my TAC case when I was on ISE 2.2 at the time.  But that does not mean that ISE 2.3 should NOT have this fix.

If a bug is discovered in ISE 2.0, for a feature that has been in existence since 2.0, then (in my opinion) the fix should be integrated into 2.0, 2.1, 2.2, 2.3 and any other 2.x release.

If you needing it soon, please ask TAC to request a hot patch for ISE 2.3. Otherwise, we need to wait for patch parity with ISE 2.2 Patch 6.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers