08-29-2024 11:54 AM - last edited on 08-29-2024 06:19 PM by shule
Hey guys I'm having an issue with my ISE licensing that I have not been able to figure out. I had a standalone ISE VM on an air gapped network with a PLR. A couple of months ago, the VM crashed and had to be rebuilt, so it has been on an eval license. I have gone into the licensing section and attempted to generate a PLR code for the permanent license, and I get an error that says "Reservation code creation for primary PAN has failed. Please try again". I have also tried PLR code generation through the CLI and have been unsuccessful, the only option i get in CLI is for ESR, and the assigning of an interface. I have attempted to work with Cisco tech support and opened a TAC but have not had a lot of feedback. The software version is 3.1.0.135; so far, none of the solutions i have found have fixed the issue, has anyone else seen this before?
09-03-2024 04:33 AM
This issue with generating a PLR code in Cisco ISE can be tricky, especially in an air-gapped environment. Here are a few steps you can try:
Check System Time and NTP Configuration: Ensure that the system time on your ISE VM is accurate. Incorrect time settings can cause issues with license reservation. If NTP is configured, make sure it’s syncing correctly.
Verify Network Configuration: Since the error involves the Primary PAN, double-check the network settings, particularly the interfaces and routes, to ensure there are no misconfigurations that could be causing communication issues within the ISE services.
Re-attempt PLR Generation via CLI:
Review Licensing Files and Keys: Ensure that any previous license files or keys are cleared out or not interfering with the new PLR request. Sometimes remnants of old licenses can cause conflicts.
TAC Logs and Detailed Logs: Gather detailed logs and submit them to TAC. You can enable detailed logging via the
ISE Software Update: Consider updating to a newer patch if available. Sometimes these types of bugs are resolved in later patches.
TAC Escalation: Since this is a critical issue, push for an escalation in your TAC case to ensure that it gets the necessary attention.
If none of these steps resolve the issue, it may require more in-depth troubleshooting with Cisco TAC, as there could be something specific to your environment or version causing the problem.
This might provide more insight into why the PLR request is failing.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide