Solved: ISE PAN rebuild 2.2 distributed network.

craiglebutt · ‎09-25-2017

hi,

I have 2 PAN 6 PSN running 2.2.

The PAN are under specked so built new VM.

I Took a full backup and exported certificates. I reebuilt a PAN same details just higher spec.

THen restored the backup and Certo.

I can see the deployment , but non off the PSN or secondary PAN won't sync back to the primary PAN.

what am I missing?

cheers

bravojared · ‎09-25-2017

Your Secondary Admin should be promoted to Primary.

Then Join the rebuilt Admin to the existing deployment of the rest of the nodes, with role of Secondary Admin.

Once synchronized, you can promote it back to primary.

View solution in original post

bravojared · ‎09-25-2017

Your Secondary Admin should be promoted to Primary.

Then Join the rebuilt Admin to the existing deployment of the rest of the nodes, with role of Secondary Admin.

Once synchronized, you can promote it back to primary.

hslai · ‎09-26-2017

Jared is correct that we usually promote the secondary PAN to primary first, de-register the original PAN to rebuild it and then join it back to the deployment.

Since you did not take that route and the secondary ISE nodes are unable to sync to the primary, please see if the secondary PAN still able to be promoted to primary. If not, then you will need to de-register all ISE nodes and then re-register them one-by-one back to the deployment.

There could be messages sync to other ISE nodes between the time the backup was taken and the new primary put into service, such that the further sync became out of order.