Hi, many thanks for your quick reply. I had run the status command and it is attached on my first post, it looks as if the application is already running?

Hi

try to stop the service 

application stop ise, 

then check the status

then application start ise

Thanks for that - I'll hold off on this just for now as I want to pass it via my line manager who is not around but will update as soon as possible.

Thanks again.

Why type of Deployment is this? Is it Distributed, You have admin nodes that are separate from the PSNs? 

If it is Distributed you can restart services on the Admin node without affecting the PSN.

Thanks for your reply Cory, really appreciate it, unfortunately I have no idea what you mean - imagine you're talking to a small child :-) ....

After trying to understand what you mean I believe we only have one admin node and one local network, does that make sense in relation to your question?

Many thanks.

Ha! No worries. 

It sounds like a standalone deployment, in that case I would error on the side of caution and do the services restart after hours and expect there to be an outage in regards to authentications. 

Ok will do! We have a support call in for this but have been waiting 2 days for a response (BT not Cisco) so wanted to try and figure it out myself, it looks as if it maybe worth just hanging on.

Very much appreciate your help.

The database server should be running (no matter type of node this might be - PAN, MnT or PSN).  So an application stop, followed by a start is probably a wise move.  To be honest, if you had a VM migration then you won't be worse off by simply reloading the entire server (Linux reboot).  It will add 1min to the job but so what. If it's already in such a bad shape then you might as well go the whole hog.

Might be worth doing a config backup if you're able to. 

If you have a repository configured, then take a quick snapshot of the box just in case it all goes pear shaped

.

On the CLI perform a

show run | begin repository

and see if one is configured.  The assumption here is also that the repo is reachable and that the credentials work.  A small leap of faith :)

Here is the CLI syntax to create a backup called "safetynet" on a repository called "backup"

backup safetynet repository backup ise-config encryption-key plain MySecret123

Hi Arne, many thanks for that, that's really useful.

Looks like I will have to setup a new repository via CLI (if anyone has the steps to do this via CLI or a link that would be great, can't find anything so far).

Also - do I need to backup any certificates even though we only run base licenses (not even sure if the two are related but thought I would ask).

Thanks.

Well nearly got there and then got the attached error, any ideas? Thanks.

Hi

Might want to look at http://labminutes.com/, free videos on how to, also some on udemy.com, but have to pay around £10 ish for them.

Oh dear.  I think you're not on the PAN node.  You need to be on the active PAN node.  You can only perform backups on the primary PAN.

BTW, if you do a show repository QMUISE     do you see the contents of the remote FTP/SFTP?  Might be worth as a sanity check.  SFTP requires an extra step   (crypto .... to exchange public keys between you and remote host).  Keep it simple if you can by using FTP :)