Renew ISE appliance issues

Marcos Rodriguez · ‎09-03-2024

Hi all!!,

I have 8 ISE nodes (2 PAN, 2 MNT and 4 PSN) old model nodes SNS-3595-K9 and I want to replace them for new models SNS-3755-K9...

1º I've shutdown one of the old PSN nodes

2º Disconnect the old node from network

3º I deregistered old psn node in Deployment nodes menu... the PSN node went to Standalone Role... but it didn't disapear of deployment nodes menu and show me an error (attached image)

Node status is Disconnected, because of I powered off first... but I want to the node be removed, in order to connect the new HW for this node... with these added steps:

4º Begin with new node configuration bootstrap (new node has same 3.1 without patch)

5º Install patch 9 (same version that other nodes)

6º Install backup of certificates made some days ago from the disconnected node

7º Add the new HW node to Deployment and join it to AD

8º Add the new PSN node to load balancer, in order to work in production again...

*** Repeat the steps with te rest of new HW nodes...

Attached you can see the error I see when I click on "Deregister" option, and the deployment menu status of all nodes.

What I did incorrectly? what can I do for solve it?

Thanks in advance

Regards

Marcos

marce1000 · ‎09-03-2024

- You don't mention the ISE version , but if we look at this one :
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwi78722
which is a bit (not much) similar and look at the Workaround ;
it sure looks an issue for TAC involvement ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Marcos Rodriguez · ‎09-03-2024

If you check my point 4º when I install the version in new HW (ISE version 3.1) ... and 5º when I install patch 9 in new HW... then, my current version in old current production environment is 3.1 patch 9. I saw the bug before I wrote here, but that bug is about VM not physical appliance environment.

Thanks

marce1000 · ‎09-03-2024

- I known , I said all of that already but the syndrome : GET_PRIMARYINTERFACE ORA-01427
points to a similar issue , accessing or removing an interface in the ise db or inventory , therefore
I think best is to contact TAC ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Marcos Rodriguez · ‎09-03-2024

Thanks for your reply, I opened a ticket with TAC and I'm waiting for them, my post was for check if it's a general error with a simple solution without wait for TAC support. Thanks for your replies

marce1000 · ‎09-03-2024

>.... I saw the bug before
- If I may add about GET_PRIMARYINTERFACE ORA-01427 ,
ORA stands for oracle and that is a database query error code ; it's being discussed in
https://www.tekstream.com/resource-center/ora-01427-error-message/

Therefore it becomes an issue for TAC ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

ahollifield · ‎09-03-2024

Feels like a bug. What is your current version? Are you on the latest patch for that version?

Marcos Rodriguez · ‎09-03-2024

If you check my point 4º when I install the version in new HW (ISE version 3.1) ... and 5º when I install patch 9 in new HW... then, my current version in old current production environment is 3.1 patch 9

Thanks