Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3536
Views
1
Helpful
17
Replies

ISE 3.2 - trying to install patch 3, 24hrs later still nothing

Go to solution
TedB123
Level 1
Level 1

‎08-31-2023 03:14 AM

hi

We are trying to patch our ISE nodes with patch number 3: - ise-patchbundle-3.2.0.542-Patch3-23071904.SPA.x86_64.tar.gz

we have a 2 node environment

i logged onto the primary node
administration
selected maintenance 
patch management
selected the patch and clicked install.... at this point after about 60s i got logged out of the web UI. 

i decided to log onto the node via cli
ran the following
show application status ise - all processes/services running as expected
show version - Patch 3 not showing up
show uptime - node has not been rebooted


I logged onto the 2nd node and under the upgrade section i saw this.

TedB123_1-1693475941040.png

 

so i thought ok something is happening.
unfortunately this has now been like this for close to 24hrs and ive also restarted the 2nd node just to see if this would clear.

i ran the same cli commands on node 2 and they are exactly the same as node 1.
services are running, patch 3 not installed and node has not been rebooted.

something is definitely not playing ball and im not sure what the best way forward is or what our options are.

1. should i manually patch node 2 and then failover the services to node 2 making it the primary
2. once node 2 has been patched, reboot and patch node 1
3. retry patch install via web UI
4. bin patch 3 and try patch 2
5. a different approach?

i know that patching via cli will not patch both nodes and each node has to be done individually.
my concern is that because node 2 is showing this "upgrade progress bar", if I failover services to node 2 it could break ISE.

has anybody experienced something like this with patching?
thoughts on what we can do?

I have a case with TAC but waiting for a reply... but its slow going

cheers!

 

0 Helpful
17 Replies 17

Go to solution
hslai
Cisco Employee
Cisco Employee

‎09-01-2023 03:00 PM

@TedB123 If possible, please share your TAC case number.

0 Helpful

Go to solution
TedB123
Level 1
Level 1
In response to hslai

‎09-04-2023 01:05 AM

@hslai wrote:

@TedB123 If possible, please share your TAC case number.

SR 696081805

the engineer assigned has been very helpful but i have a few more pending questions about this whole process.

 

cheers,

 

0 Helpful

Go to solution
TedB123
Level 1
Level 1

‎09-04-2023 07:36 AM

final update for you all...

i ended up patching both nodes via CLI and had no issues what so ever... if anything i was very surprised at how fast the patch was applied... no more than 10 minutes... maybe even 5.

once the first node was patched and rebooted i checked the version number and confirmed that all services were running.
make this node the primary and then proceeded to patch the other node. 

ISE is working as expected so we are all good now.

thanks for all your input, it was very helpful.


 

 

 

0 Helpful
Customers Also Viewed These Support Documents