Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
8218
Views
10
Helpful
8
Replies

Primary ISE Node failure and replacement.

Go to solution
aniketalashe
Level 1
Level 1

‎05-19-2017 09:33 PM - edited ‎03-11-2019 12:43 AM

Hi,

I have a two node ISE Virtual appliance setup.

Node 1 - Primary Admin Role, Primary Monitoring Role, PSN

Node 2 - Secondary Admin Role, Secondary Monitoring Role, PSN

Node 1 failed recently and needs to be recreated. Needed help to establish step-by-step procedure for getting the node 1 back in service.

Planned Approach - 

1. Promote Node 2 as Primary Admin and Monitoring.

2. De-register failed Node 1 from the now Primary Admin Node (Node 2).

3. Setup new Node 1 with all patches, certificate, etc.

4. Restore operational backup on the new standalone node 1.

5. Add new node (Node 1) as secondary ISE node.

6. Promote Node 1 as primary Admin and Monitoring.

Is this approach ok or do i need to make any changes to it to ensure node 1 is put back in service with the current configuration and old log data.

Rgds,

Aniket Alashe

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-20-2017 07:35 AM

You can skip step 4.

Your step 5 will replicate all of the policy and other configuration bits (including MnT logs up to the current time) that need to be synchronized for the deployment from Node 2.

View solution in original post

8 Replies 8

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-20-2017 07:35 AM

You can skip step 4.

Your step 5 will replicate all of the policy and other configuration bits (including MnT logs up to the current time) that need to be synchronized for the deployment from Node 2.

Go to solution
aniketalashe
Level 1
Level 1
In response to Marvin Rhoads

‎05-20-2017 11:07 PM

Hello Marvin,

Thanks for your help, but I had already performed the mentioned steps and the new node is back in service with all configuration and log data.

Thanks once again for your valuable inputs.

Rgds,

Aniket Alashe

0 Helpful

Go to solution
Dev Vishwakarma
Cisco Employee
Cisco Employee
In response to Marvin Rhoads

‎02-14-2018 11:03 AM

are you sure about automatic replication of MNT logs?

0 Helpful

Go to solution
daniel.landry
Level 1
Level 1
In response to Dev Vishwakarma

‎10-30-2018 06:58 AM

Hi

Do we have an answer for this?

 

Regards

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to daniel.landry

‎10-30-2018 09:44 AM

If the replacement ISE node is to act as MNT and if it needs to report on historical data, then please restore the latest backup or take a new backup of OPS data and restore to the new ISE node.

That is, the historical data can only be restored by backup and restore of OPS data; the new events will send to the new ISE node once it registered with MNT persona.

Go to solution
Arsene ALLOGO
Level 1
Level 1
In response to Marvin Rhoads

‎09-04-2023 10:51 AM

I am also facing the same issue, with the only difference being that the node to be replaced is on a physical appliance and the secondary one is on a virtual one. I wonder if the approach remains the same."

0 Helpful

Go to solution
Peter Koltl
Level 7
Level 7

‎10-24-2017 01:46 AM

Do Steps 1 and 6 require downtime? Will services be running all the time at least on Node 2? Or do the ISE (PSN) services restart during the promotion?

0 Helpful

Go to solution
Peter Koltl
Level 7
Level 7

‎11-11-2017 02:05 PM

Yes, steps 1 and 6 require downtime. ISE services restart at the same time on both nodes.

0 Helpful
Customers Also Viewed These Support Documents
Top