cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4893
Views
25
Helpful
12
Replies

Looking for Cisco ISE 2.4 Rootpatch file

Beacon Bits
Level 1
Level 1

Hello everyone,

 

I'm looking for a file to get a root access on Cisco ISE.

It requires this patch but I'm unable to find anywhere (root-patch file for Cisco ISE 2.4)

The file name is :

ssh-rootpatch-hrpsshnodisk.tar.gz

Could anyone please provide the link, please?

 

 

Regards,

B

2 Accepted Solutions

Accepted Solutions

Jason Kunst
Cisco Employee
Cisco Employee
The root patch is for tac and engineering use only

Please work through the tac

View solution in original post

The root key that accompanies the root patch also expires.  So even if you were to find both online somewhere that someone shared, it likely wouldn't work. 

View solution in original post

12 Replies 12

Jason Kunst
Cisco Employee
Cisco Employee
The root patch is for tac and engineering use only

Please work through the tac

Hi Jason,

 

Thanks, So I should stop looking for it.

I did read this on Cisco docs and other blogs as well.

 

Regards,

B

The root key that accompanies the root patch also expires.  So even if you were to find both online somewhere that someone shared, it likely wouldn't work. 

 

 - And it shouldn't be , if you are using open-source (Linux) as the underlying carrier-engine for ISE , then let users benefit from this too (open-source mindfulness) , when there are special  problems,

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Please provide feedback using the ISE tool in the upper right.

- Cute, that seems more like a 1000-year action plan,,,,,! :-)

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

We don’t get in these discussions on technical help community

You can reach out with your sales team if this is a NEEDED feature.

 

 - It >is<  a technical issue; in the sense that an ISE customer shouldn't depend on a CISCO TAC case with long latency , when just needing to clear a ./tmp or /var/tmp on ISE which is usually production critical, But I don't want to end up in  a war-style discussion either. Thanks for your advises.

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

I understand I will bring it up but more people bugging our PMs directly will get the WD40 ☺

The guys on the Community forum know that I have ranted about this before but I am glad I am not the only one.  And as Jason points out all the time, the PM's are not on these forums (which I think is a mistake and a shame).  Other Cisco products allow customers to get root access and it's not a technical advantage to block users from root access.  It's a CYA strategy and probably resulted from one nasty incident where one customer did something stupid and ruined it for all of us forever more.

The other fact is that if you get hold of this root patch, you can play around with it all you want - the cert lasts quite long actually.  So that in itself is a weak deterrent.

I have submitted numerous enhancements via the feedback form but I don't know where it ends up. It would be nice to see how our suggestions are tracking. 

 

Keeping the root patch discussion aside, you may want this to be checked with TAC to get to the root cause of the tmp folder filling up. This is either a bug or a VM resource allocation issue.

Coming to the Root patch discussion, we are trying to make ISE as much serviceable as possible without having the need for a root patch. Collecting a heap dump/thread dump from the CLI using “application configure ISE” in ISE 2.4 was the first step taken and trust me, we have a lot of emphasis and focus being put on serviceability and most of them are targeted for 2.6. I am not allowed to share more than this and the current stand is completely against customers having root access to the ISE and any changes needed to be done on the root will need to be done under TAC’s supervision.

If you can stop ISE VM, just mount ISE disks under another Linux VM where you have all the rights and do the cleanup. Also, having access to the ISE disks will give you the option to add an account with shell access and you can add it to sudoers. End of your stress...