12-11-2012 11:29 PM - edited 03-10-2019 07:53 PM
I am seeing a weird problem.
I deregistered secondary admin/monitor node from primary admin/monitor node. I see successfully deregistered message.
But the deregistered node is still showing SEC(A) and SEC(M). It is not changing to standalone mode.
This is disrupting the upgrade of distributed deployment of ISE nodes.
Any clues?
12-11-2012 11:36 PM
We are running
1.1.0.665 with patch 3 installed.
12-12-2012 10:53 AM
Are you able to login to the secondary node after you de-register and convert it to a standalone?
12-13-2012 08:48 PM
Seems as if there is some communication issues between the two nodes. I have seen this before and the best bet is to reset the config and restore the db from the administration node. I dont think forcing it to primary will do anything but its worth a shot.
Tarik Admani
*Please rate helpful posts*
12-13-2012 08:51 PM
12-13-2012 08:53 PM
Thanks for the update, if you opened a TAC case please make sure the bug is customer facing before closing this case. Can you share with us the details of this bug? And the workaround. High 5 for you providing this info.
Thanks,
Tarik Admani
*Please rate helpful posts*
12-13-2012 09:00 PM
Bug details:
Secondary node never becomes standalone after de-registration
The secondary node is de-registered successfully but a "The following deregistered nodes are not currently reachable:
Workaround Log in to the administrator user interface with internal Cisco ISE administrator credentials when de-registering a node.
Actually we had two accounts in web gui, nodes were registered using one account and during upgrade, i used different account , which triggered this bug.
12-13-2012 08:58 PM
Yep, 5 pints from me too And yes, please do share some more info on the bug. I will also recommend that you move to 1.1.1 as soon as possible (or 1.1.2) as 1.1.0 had a lot of DB issues.
12-13-2012 09:03 PM
Thanks Kashish for the helpful info....just out of curiosity do you know if you use and AD mapped account will trigger the same bug. I am planning for an upgrade from 1.1.1 to 1.1.2 and we have mapped AD accounts to the SuperAdmin role. I am curious if TAC was able to shed some light on this scenario.
Thanks again for this very helpful info!
Tarik Admani
*Please rate helpful posts*
12-13-2012 09:07 PM
Tarik,
I am not sure about AD mapped admin accounts. We were using local accounts on ISE Web GUI.
Thanks,
Kashish
12-15-2012 06:45 AM
No problem, I will circle back and update once I can verify this in the lab. In the meantime can you mark Neno's first post as the solution so this topic can be marked as resolved.
Thanks,
Tarik Admani
*Please rate helpful posts*
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide