Issue with ISE distributed deployment upgrade from 1.3 to 2.1

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2017 01:22 PM
Hello All,
I was trying to do an ISE distributed deployment upgrade from 1.3 to 2.1
The current architecture is:
ISE-1: Primary PSN and secondary Admin node
ISE-2: Primary Admin, Secondary PSN and MNT node
ISE-3: Primary MNT node
The upgrade path followed: Secondary PAN, PSN (ISE-1) -> Primary MNT (ISE-3) -> PAN, Sec PSN (ISE-2)
ISE-1 was upgraded successfully but while upgrading ISE-3 (primary MNT node), got an error msg:
% Warning: Cannot upgrade this node until the standby PAP node is upgraded and running. If standby PAP is already upgraded
and reachable ensure that this node is in SYNC from current Primary UI.
Starting application after rollback…
I would like to get comments as to why would I be getting this message and ideas as to how should I go forward with the upgrade.
I am not sure if the primary admin node(ISE-2) can be upgraded before upgrading the primary MNT node(ISE-3).
-Thanks,
Paridhi Jain
- Labels:
-
Identity Services Engine (ISE)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-23-2017 03:50 PM
Paridhi, the three node deployment is not a supported setup. We support 3 deployment modes:
- Small: All three personas (Admin, MnT, PSN) in the same box
- Medium: Admin+MnT in the same box plus up to 5 PSNs
- Large: Admin as individual box, MnT as individual box, and up to 50 PSNs
Your deployment does not conform to any of the three mode above, so the upgrade cannot be completed. Check out the following document for more information:

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-24-2017 07:39 AM
Because i have a 3 node deployment, I could modify my setup to fit the medium deployment mode with one node being the Admin+MnT and 2 other nodes being the PSN but according to the upgrade path if i do not have a secondary Admin i am supposed to make one of my PSN node as the secondary admin node which i think might still create the issue. Could you confirm this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-24-2017 09:39 AM
That will still not meet the requirements of the medium deployment. As shown in the image below taken from the link in the previous response, you must have TWO Admin + MnT nodes. One hosting the Primary Admin Persona + Secondary MnT Persona and the other hosting the Secondary Admin Persona + Primary MnT Persona.
In a three node deployment, this leaves you with a single PSN. This is the ONLY supported three node deployment scenario. ALL others will continue to give issues during the upgrade process.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-24-2017 10:05 AM
Please verify the replication ok to the ISE node you are upgrading. Perhaps try a manual syncup before re-attempts.
