Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
521
Views
0
Helpful
1
Replies

ISE 2.3 Patch 1 Unable to Join cluster

Go to solution
geeyc5113
Level 1
Level 1

‎11-23-2017 06:46 AM

I have 2 unit of ISE appliance.  3415-k9. Herein after call ISE A and ISE B.   Initially the appliance is come with version 2.0.  The client want the site A to setup 2 x ISE with version 2.3 and the policy to be follow the HQ policy, but do not join the HQ cluster.

In order to make it faster,  I have registered ISE A to HQ cluster to sync the configuration, and then deregister it to make it as standalone.  ISE A had been successfully upgraded to version 2.3 patch 1.   ISE B had been factory default (Previously with configuration), then upgraded to version 2.3 patch 1 without configuration.

After upgraded of both ISE, I try to register ISE B into ISE A to form cluster.  After couple of time, it show sync failed and registration failed.  I am pretty sure the dns had no issue as I can ping to each other using fqdn.  If the dns having issue, the error message will pop up when i click submit during register node.

Note:

1. Both ISE A and ISE B are within same segment of IP.

2. Both ISE using ver2.3 patch 1.

My Question:

1. since ISE A join the HQ cluster before as PSN, would it be possible causing my issue when i use it as All in one unit after deregister from HQ cluster?

2. As per my current temporary setup, HQ PAN node IP same segment as ISE A and ISE B.  Would it be possible that within the IP segment, there should not be 2 different cluster appear?  Meaning when i move the ISE A and ISE B out of this segment, the issue will resolve?

3. Would it be possible it hitting ver 2.3 bugs?  Anybody face the similar problem? Any suggestion to resolve the problem?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎11-25-2017 01:09 PM

On (1), unlikely. Many use this way to get a copy of the ISE configurations.

On (2), this should not be an issue as our teams often are testing many deployments in the same network segments.

On (3), it could be but I've not heard of such issue. If not already, please engage Cisco TAC to troubleshoot. TAC will check the support bundles from both nodes to learn exactly where and how the registration failing.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
hslai
Cisco Employee
Cisco Employee

‎11-25-2017 01:09 PM

On (1), unlikely. Many use this way to get a copy of the ISE configurations.

On (2), this should not be an issue as our teams often are testing many deployments in the same network segments.

On (3), it could be but I've not heard of such issue. If not already, please engage Cisco TAC to troubleshoot. TAC will check the support bundles from both nodes to learn exactly where and how the registration failing.

0 Helpful
Customers Also Viewed These Support Documents