Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5799
Views
15
Helpful
10
Replies

ise node not becoming standalone after deregistration

Kashish_Patel
Level 2
Level 2

‎12-11-2012 11:29 PM - edited ‎03-10-2019 07:53 PM

I am seeing a weird problem.

I deregistered secondary admin/monitor node from primary admin/monitor node. I see successfully deregistered message.

But the deregistered node is still showing SEC(A) and SEC(M). It is not changing to standalone mode.

This is disrupting the upgrade of distributed deployment of ISE nodes.

Any clues?

Labels:
0 Helpful
10 Replies 10

Kashish_Patel
Level 2
Level 2

‎12-11-2012 11:36 PM

We are running

1.1.0.665 with patch 3 installed.

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to Kashish_Patel

‎12-12-2012 10:53 AM

Are you able to login to the secondary node after you de-register and convert it to a standalone?

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni
In response to nspasov

‎12-13-2012 08:48 PM

Seems as if there is some communication issues between the two nodes. I have seen this before and the best bet is to reset the config and restore the db from the administration node. I dont think forcing it to primary will do anything but its worth a shot.

Tarik Admani
*Please rate helpful posts*

0 Helpful

Kashish_Patel
Level 2
Level 2
In response to Tarik Admani

‎12-13-2012 08:51 PM

Hi Tarik,

We found that it was because of bug:CSCtz80240

Thanks.

Tarik Admani
VIP Alumni
VIP Alumni
In response to Kashish_Patel

‎12-13-2012 08:53 PM

Thanks for the update, if you opened a TAC case please make sure the bug is customer facing before closing this case. Can you share with us the details of this bug? And the workaround. High 5 for you providing this info.

Thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful

Kashish_Patel
Level 2
Level 2
In response to Tarik Admani

‎12-13-2012 09:00 PM

Bug details:

Secondary node never becomes standalone after de-registration

The secondary node is de-registered successfully but a "The following deregistered nodes are not currently reachable: . Be sure to reset the configuration on these nodes manually, as they may not revert to Standalone on their own." message appears to the administrator.

Workaround   Log in to the administrator user interface with internal Cisco ISE administrator credentials when de-registering a node.

Actually we had two accounts in web gui, nodes were registered using one account and during upgrade, i used different account , which triggered this bug.

nspasov
Cisco Employee
Cisco Employee
In response to Kashish_Patel

‎12-13-2012 08:58 PM

Yep, 5 pints from me too And yes, please do share some more info on the bug. I will also recommend that you move to 1.1.1 as soon as possible (or 1.1.2) as 1.1.0 had a lot of DB issues.

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni
In response to nspasov

‎12-13-2012 09:03 PM

Thanks Kashish for the helpful info....just out of curiosity do you know if you use and AD mapped account will trigger the same bug. I am planning for an upgrade from 1.1.1 to 1.1.2 and we have mapped AD accounts to the SuperAdmin role. I am curious if TAC was able to shed some light on this scenario.

Thanks again for this very helpful info!

Tarik Admani
*Please rate helpful posts*

0 Helpful

Kashish_Patel
Level 2
Level 2
In response to Tarik Admani

‎12-13-2012 09:07 PM

Tarik,

I am not sure about AD mapped admin accounts. We were using local accounts on ISE Web GUI.

Thanks,

Kashish

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni
In response to Kashish_Patel

‎12-15-2012 06:45 AM

No problem, I will circle back and update once I can verify this in the lab. In the meantime can you mark Neno's first post as the solution so this topic can be marked as resolved.

Thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful
Customers Also Viewed These Support Documents