FYI I had a colleague come across this new bug specific to ISE 2.2:
It's not listed in the Release Notes open caveats as of the 31 January posting date.
The symptom is the Endpoint Purge setings page tells the end user they are not licensed for configuring the feature. Of couse this is a Base feature and the admin users should certainly be able to configure it.
The workaround is "install Plus license". A bit hard to do when the customer only has Base licenses.
I do hate it when a Bug is marked "fixed" and the work around is not feasible for most customers and there's no released patch addressing it.
Solved! Go to Solution.
We try not to comment on patch releases dates and contents - it's too hard to manage expectations.
Too often customers treat a given date or anticipated bug list as a contract and get upset if things change.
It's best to work through TAC and the ISE Escalation team for your bug since that is how these fixes are typically prioritized in patches.
From the Release Notes for Cisco Identity Services Engine, Release 2.2 - Cisco you will see a section for bug fixes in Patch #1 @ Resolved Issues in Cisco ISE Version 220.127.116.110—Cumulative Patch 1 :
CSCvd01079 Endpoint Purge doesn't work with Base License on ISE 2.2.
Our engineering team's release numbering scheme uses 9xx builds for noting the patch releases.
901 = Patch 1
902 = Patch 2
Adding to this thread.
I see conflicting information on this behavior and customers reporting it:
- On one side there is the bug referenced above that should be fixed in 2.2P1 but is not fixed.
- On the other side, I see information that PLUS licenses are required to use endpoint purge since this feature is tied to profiling.
Which one is the right answer?
I will retract my comment on 11 July where I said the Endpoint purge didn't work. It did work. Purging works just fine and you don't need a Plus license.
I wasn't thinking right, and didn't realise that GREATERTHAN 1 actually means 2,3,4, ... so I was expecting the Endpoint to be deleted after 1 day (because my brain confused after with greater than)
Anyway. There are other issues with Endpoint Purge that I won't go into right now. I have a TAC case open that is looking at the Alarms details page relating to Endpoint Purge. That is definitely still broken even in ISE 2.3 patch 1. No bug yet.
I have another TAC case relating to Endpoint, because ISE is unable to run an automated Purge where the Endpoint Identity Group is NULL/Empty. CSCvg46494 - Fix in 2.4 apparently.
What about ISE 2.3? I am currently on ISE 2.3 patch 2 and I raised my TAC case when I was on ISE 2.2 at the time. But that does not mean that ISE 2.3 should NOT have this fix.
If a bug is discovered in ISE 2.0, for a feature that has been in existence since 2.0, then (in my opinion) the fix should be integrated into 2.0, 2.1, 2.2, 2.3 and any other 2.x release.