05-19-2017 09:33 PM - edited 03-11-2019 12:43 AM
Hi,
I have a two node ISE Virtual appliance setup.
Node 1 - Primary Admin Role, Primary Monitoring Role, PSN
Node 2 - Secondary Admin Role, Secondary Monitoring Role, PSN
Node 1 failed recently and needs to be recreated. Needed help to establish step-by-step procedure for getting the node 1 back in service.
Planned Approach -
1. Promote Node 2 as Primary Admin and Monitoring.
2. De-register failed Node 1 from the now Primary Admin Node (Node 2).
3. Setup new Node 1 with all patches, certificate, etc.
4. Restore operational backup on the new standalone node 1.
5. Add new node (Node 1) as secondary ISE node.
6. Promote Node 1 as primary Admin and Monitoring.
Is this approach ok or do i need to make any changes to it to ensure node 1 is put back in service with the current configuration and old log data.
Rgds,
Aniket Alashe
Solved! Go to Solution.
05-20-2017 07:35 AM
You can skip step 4.
Your step 5 will replicate all of the policy and other configuration bits (including MnT logs up to the current time) that need to be synchronized for the deployment from Node 2.
05-20-2017 07:35 AM
You can skip step 4.
Your step 5 will replicate all of the policy and other configuration bits (including MnT logs up to the current time) that need to be synchronized for the deployment from Node 2.
05-20-2017 11:07 PM
Hello Marvin,
Thanks for your help, but I had already performed the mentioned steps and the new node is back in service with all configuration and log data.
Thanks once again for your valuable inputs.
Rgds,
Aniket Alashe
02-14-2018 11:03 AM
are you sure about automatic replication of MNT logs?
10-30-2018 06:58 AM
Hi
Do we have an answer for this?
Regards
10-30-2018 09:44 AM
If the replacement ISE node is to act as MNT and if it needs to report on historical data, then please restore the latest backup or take a new backup of OPS data and restore to the new ISE node.
That is, the historical data can only be restored by backup and restore of OPS data; the new events will send to the new ISE node once it registered with MNT persona.
09-04-2023 10:51 AM
I am also facing the same issue, with the only difference being that the node to be replaced is on a physical appliance and the secondary one is on a virtual one. I wonder if the approach remains the same."
10-24-2017 01:46 AM
Do Steps 1 and 6 require downtime? Will services be running all the time at least on Node 2? Or do the ISE (PSN) services restart during the promotion?
11-11-2017 02:05 PM
Yes, steps 1 and 6 require downtime. ISE services restart at the same time on both nodes.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide