
ISE DB restore for 2.2 2.7 is failing?

DeanBlakely
Level 1

I am standing up an ISE 2.7 distributed deployment with 2 PANs, 2 MNTs and 6 PSNs

My current ISE deployment is 2.2. I am in the process of upgrading to 2.7 and I have configured and stood up an ISE 2.7 distributed deployment with 2 PANs, 2 MNTs and 6 PSNs. ISE 2.7 is still in a LAB environment. I restored ISE 2.7 from an ISE 2.2 back-up. The issue I am having after I restore is I don't see any of the nodes on the deployment. The PAN is coming up as standalone. Also, when I try to access the nodes individually it appears as if it is still in deployment mode. Any help will be appreciated.

1 Reply

Mike.Cifelli
VIP Alumni

"I restored ISE 2.7 from an ISE 2.2 back-up. The issue I am having after I restore is I don't see any of the nodes on the deployment. The PAN is coming up as standalone. Also, when I try to access the nodes individually it appears as if it is still in deployment mode."

-This is normal behavior.  I recently within the last 3ish months went through a cluster migration from 2.4 to 2.7.  There are a few things that need to be done, and some items to be aware of.  Here is an overview of what I did that worked perfectly fine in regard to a seamless migration (note both old/new clusters are/were virtual).  Note that all node hostnames and IPs remained the same*;

On current (old) cluster:

disabled pan failover
promoted pan2 to primary
unjoined pan1 from AD
exported certificates
deregistered pan1 from cluster

 

enabled nic on new pan1 in 2.7 cluster
shut nics on old pan1 in 2.4 cluster
changed IP address on new pan on nic 1 (services restart)
added nic 2 and added underlay ip address (services restart)
added static routes via CLI for additional nic
started system restore from backup
kicked off restore & successfully worked ~35 minutes
re-joined node to AD
setup node as primary node with right personas

 

started psn1 migration
exported certs
unjoined ad
deregistered from cluster
shut nics
added nics to new psn1 running 2.7
changed ip addresses and added appropriate static routes
registered with new pan
setup proper personas
synced with new pan
joined to AD
*verified radius live logs to determine it is servicing clients

The process is the same for other nodes. During the migration, essentially both clusters' old/new PSNs are capable of servicing requests, which aids in a seamless migration. Once you have a PSN synced, registered, and set up in the new cluster that you confirm is capable of servicing requests, you can continue migrating old nodes to newly built cluster nodes.

 

Helpful FYSAs:

-Every IP change restarts services
-Changing personas restarts services

-During upgrade/restore helpful logs can be seen via: #sh logging system ade/ADE.log

Lastly, I would recommend developing a plan that meets your needs and ensures minimum downtime for end users. I also definitely recommend working with TAC to ensure things are good to go in case you need additional support. Your situation may vary from my experiences, but I wanted to share my process as a cluster migration can be a heavy lift. Take a look at the following (specifically the section "Upgrade Cisco ISE Deployment Using Backup and Restore Method (Recommended)"): Cisco ISE 2.7 Upgrade Guide: Upgrade Method - Cisco

Also see: Cisco ISE & NAC Resources - Cisco Community

HTH & good luck!