Solved: isebackuprepository: error - transfer failed

Netmart · ‎01-03-2025

Hello,

I am trying to transfer ise-config via sftp.

I verified ssh connection by SSH from ISE box into SFTP server with same credentials I am using for configured repository, I also added the crypto host key. Still backup is failing:

#show backup history

: error - transfer failed

#backup test-sftp repository SFTP-SFTPserver ise-config encryption-key plain ****
6 [1473445]:[info] transfer: cars_xfer.c[333] [system]: sftp dir of repository SFTP-SFTPserver requested
6 [1473445]:[info] transfer: cars_xfer_util.c[2634] [system]: Server validation successful SFTPserver
7 [1473445]:[debug] transfer: sftp_handler.c[1215] [system]: Running sftp command: SFTPserver ciscoUser *** /data/sftp/ISE/ ls -l /data/sftp/ISE/
6 [1473445]:[info] transfer: sftp_handler.c[629] [system]: DEBUG: local user: admin UID: 0 sftp_run_parent FD: 5 remote host: SFTPserver remote user: ciscoUser command: ls -l /data/sftp/ISE/
7 [1473445]:[debug] transfer: sftp_handler.c[639] [system]: fd is:5
7 [1473446]:[debug] transfer: sftp_handler.c[322] [system]: Executing SFTP command: 0 admin /usr/bin/sftp -oIdentityFile=/home/admin/.ssh/id_rsa -oUserKnownHostsFile=/home/admin/.ssh/known_hosts -oPasswordAuthentication=yes ciscoUser@SFTPserver
3 [1473445]:[error] transfer: sftp_handler.c[412] [system]: sftp_select Error: timeout!
7 [1473445]:[debug] transfer: sftp_handler.c[1074] [system]: sftp parent status -999

Verify SSH access from ISE to SFTPserver:

#ssh SFTPserver ciscoUser version 2
******************************************************
* You have reached a restricted system. *
* *
* Unauthorized use is strictly prohibited and will *
* be prosecuted to the fullest extent of the law. *
* *
******************************************************
ciscoUser@SFTPserver's password:
Last login: Fri Jan 3 20:11:12 2025 from

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

ADE-OS Build Version: 3.2.0.401
ADE-OS System Architecture: x86_64

Copyright (c) 2005-2022 by Cisco Systems, Inc.
All rights reserved.
Hostname: mt-01-PAN-01-ac43

Version information of installed applications
---------------------------------------------

Cisco Identity Services Engine
---------------------------------------------
Version : 3.2.0.542
Build Date : Wed Oct 19 16:27:24 2022
Install Date : Wed Aug 23 18:01:36 2023

Cisco Identity Services Engine Patch
---------------------------------------------
Version : 2
Install Date : Wed Aug 23 19:08:30 2023

Please advise.

Thanks.

Netmart · ‎02-03-2025

Thank you everybody.

Eventually I was able to fix it:

Hitting: CSCwd31524 - PW limit 15 Characters

Version: 3.2.0.542

Patch: 2

ADE-OS Version: 3.2.0.401

============================================

Host Key + repo config restored via CLI

Version: 2.7.0.356

Patch: 2,3 6

ADE-OS Version: 3.0.7.057

View solution in original post

marce1000 · ‎01-04-2025

- Checkout this thread : https://community.cisco.com/t5/network-access-control/sftp-repository-issues-sftp-run-parent-error-unable-to-handle/td-p/4937264

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Netmart · ‎01-06-2025

Thank you Marcel, I am successfully using the same directory from a different ISE box.

Difference:

The not working ISE Box:

Cisco Application Deployment Engine OS Release: 3.2
ADE-OS Build Version: 3.2.0.401
ADE-OS System Architecture: x86_64

Working Box:

Cisco Application Deployment Engine OS Release: 3.1
ADE-OS Build Version: 3.1.0.135
ADE-OS System Architecture: x86_64

Though CSCwn17599 is listing Rel 3.3 patch 3 as the defect, I am wondering, if someone could please confirm/share the experience with:

Cisco Application Deployment Engine OS Release: 3.2
ADE-OS Build Version: 3.2.0.401

Thanks

Marcelo Morais · ‎01-04-2025

Hi @Netmart ,

please take a look at:

CSCwn22805 SFTP validation fails with error "unable to handle sftp output" .

CSCwn17599 SFTP server validation fails with ISE 3.3 patch 3.

Hope this helps !!!

Netmart · ‎01-06-2025

Thank you Marcelo.

Personas:

Administration

Role:

PRIMARY(A)

System Time:

Jan 06 2025 06:19:20 PM UTC

FIPS Mode:

Disabled

Version:

3.2.0.542

Patch Information:

2

Netmart · ‎01-06-2025

There is another bug, which claims that SFTP repos are working under ISE 3.p3:

CSCwd89657
Symptom:
--- certain SFTP repositories are not working on 3.1p4+
--- same SFTP repositories were working on ISE 3.p3

This does contradict:

CSCwn17599 SFTP server validation fails with ISE 3.3 patch 3

Hope someone from Cisco is watching this conversation and can weigh in.

Marcelo Morais · ‎01-07-2025

Hi @Netmart

different Cisco ISE versions:

the CSCwd89657 ISE 3.1 certain SFTP servers stopped working after upgrade to patch 4/5 is talking about ISE 3.1 P4+ and a rollback to ISE 3.1 P3.

the CSCwn17599 SFTP server validation fails with ISE 3.3 patch 3 is talking about ISE 3.3 P3 and a rollback to ISE 3.3 P2.