Re: Promote ISE secondary admin to primary.

lmqtechnology · ‎05-22-2016

How can you promote the ISE box currently hosting the secondary admin persona to primary? I need to know how to do this from the CLI as the admin password has expired and the primary ISE server has died.

nspasov · ‎05-22-2016

Hi there! I don't believe you can do the node "promotion" from CLI. This has to be done through the GUI:

Browse to the Secondary Admin Node > Administration > System > Deployment > Click on the "Promote to Primary" button

You should note though that the server will restart! Thus, you should plan this during a maintenance windows!

Now, if you are not able to access your GUI due to password expiration, you should:

Login to the CLI on affected node > issue application reset-passwd ise admin_username > then go back to the GUI and promote it to primary

I hope this helps!

Thank you for rating helpful posts!

lmqtechnology · ‎05-23-2016

problem is the password expired and then the primary died.. any options?

nspasov · ‎05-25-2016

Did you try resetting the GUI password via CLI? I have done this before and it worked for expired GUI passwords.

Thank you for rating helpful posts!

venccie777 · ‎01-23-2018

hello nspasov

regret to write on someone else' thread. But im facinig the same situation explained by the original poster.

The primary ISE is dead. And secondary ISE i have recovered the password and able to access the CLI.

But when i access the gui of the secondary ISE, it says password expired. But when i tried to "application reset-passwd" from secondary CLI it points to do the activity from Primary node. But primary node is down. Anyway to recover this condition or take the backup of the configuration?

This could be a case where Cisco could give the option to reset GUI password from secondary node in cases where primary is totally dead.

Any ways to get it work?

Thanks
Jay

Srihdasari · ‎02-08-2018

login into secondary GUI, go to deployment, there you will have an option to pomote to primary.

Marvin Rhoads · ‎05-25-2016

If the cl password is also expired then you need to perform password recovery. The procedure varies according to the platform as follows:

SNS 3300 series with DVD drive - restart server with ISE DVD (ISO image) in DVD drive and be connected via hardware console to interrupt the boot and recover password.

SNS 3400 series (UCS-based) - connect to CIMC and restart server. Mount virtual ISO image using CIMC utility and boot from it.

VM-based - restart VM and connect ISO via ESXi console.

Srihdasari · ‎02-08-2018

login into secondary GUI, go to deployment, there you will have an option to pomote to primary.

mhamburger · ‎10-14-2020

Did this issue ever get solved for anyone? Every proposed solution I see here did not actually read or understand the issue.

RchowdhuryNCL · ‎03-13-2024

Agree some people are helpful others not so and not have answered the question. I have Hyper V so I can't restart it and change password via the CD rom. How does one promote secondary node to primary in CLI without Gui

Greg Gibbs · ‎03-13-2024

The question was answered in the original response from 2016.. "Hi there! I don't believe you can do the node "promotion" from CLI. This has to be done through the GUI"

Promoting the Secondary to acting Primary is a change done in the underlying application. The CLI shell does not have access into this application functionality. The same applies to all current shipping versions of ISE.