Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
400
Views
5
Helpful
7
Replies

MnT Node not receiving logs from PSN

henokk60
Level 1
Level 1

‎11-27-2025 12:35 AM

Hi All,

I have a 2-node deployment:

  • Node A – Admin (Primary), MnT (Primary), PSN

  • Node B – Admin (Secondary), MnT (Secondary), PSN

After migrating Node B to another site, we changed its IP address and then deregistered it from Node A. However, Node B is still showing as a secondary node. I was expecting it to become standalone. Could you advise how I can change Node B to standalone so that I can change the certeficate and DNS also and register again?

Thanks

0 Helpful
7 Replies 7

Kasun Bandara
VIP
VIP

‎11-27-2025 12:54 AM

@henokk60 hi, what is your ISE version? i found this guide for this kind of scenarios.

Solved: forcing ISE node to standalone - Cisco Community

if its not working, you may do the factory reset for Node B.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

Marcelo Morais
VIP
VIP

‎11-27-2025 01:10 PM

@henokk60 ,

1st deregister the Node B from the Cluster (at Administration > System > Deployment > select Node B and click Deregister)

Deregister Node.png

 

2nd migrate Node B to another Site, changing its IP Address during the process

3rd register Node B again to Node A's Cluster

 

About " ...  how I can change Node B to Standalone ... ", if Node B was properly deregister, you are able to change the Certificate and DNS.

About " ... Node B is still showing as a Secondary Node ... ", do you mean that you are able to see Node B on Node A's Cluster ?

 

Note: please take a look at: ISE - What we need to know about DNS Server

 

Hope this helps !

 

henokk60
Level 1
Level 1
In response to Marcelo Morais

‎12-01-2025 10:16 PM

Hi @Marcelo Morais
Node B is deregistered from the cluster and no longer appears in it. However, when I log in to the Node B GUI, the Deployment tab still shows its role as Secondary, and the FQDN and IP address displayed are also the old ones. In my opinion, in order to establish trust between Node A and Node B and add it back to the cluster, Node B must first be in standalone mode. Otherwise, the option to generate the CSR is not available. So how can I make the secondary role to standalone?

henokk60_0-1764656034281.png

 

Aref Alsouqi
VIP
VIP
In response to henokk60

‎12-02-2025 01:56 AM

If you want to convert that node to a standalone node then you can just click the "Promote to Primary" button and then afterwards that button will show "Make Standalone" where you can click on it and make it a standalone node. Here is couple of posts of mine that might help:

Promote ISE Secondary PAN to Become the Primary

Adding a Secondary ISE Node | Blue Network Security



 

Marcelo Morais
VIP
VIP
In response to henokk60

‎12-02-2025 09:28 PM

 

@henokk60 ,

 something weird must have happened for Node B not to be deregister when you use the "deregister process" on Node A (the PPAN).

 You can use the @Aref Alsouqi suggestion or you can :

  • install Node B from scratch (version and patch)
  • on Node A, register Node B again to the Cluster.

 

Note: installing from scratch has the benefit of eliminating any existing "garbage" in Node B.

 

Hope this helps !

 

0 Helpful

henokk60
Level 1
Level 1
In response to Marcelo Morais

‎12-04-2025 12:23 AM

@Marcelo Morais @Aref Alsouqi @Kasun Bandara 
Is there a command to reset the config only without reseting the IP and DNS?

0 Helpful
Customers Also Viewed These Support Documents