Solved: Re: After one week (!!) waiting

System Admin · ‎09-05-2016

Hello,

I have upgraded my 2 ISE nodes from v. 2.0.0.306 to 2.1.0.474. The upgrade succeeded but i could not connect to one node administration portal (the logging page show up but after the page is loading indefinitely (white page)). I had to recreate this node from scratch and i have joined it as secondary node to the cluster. The nodes status are good for both and they are correctly sync with AD.

But after the update i have these problems :

Once guest accounts are created, they are automatically disabled (status Created). I have to suspend the account and rehabilitated it. After that, the account status is active and is working correctly.

I have some replication errors each time i promote a node primary:

Error synchronizing object: Resource[NAC Group:NAC:DictionaryBucket: TC-NAC]; Operation : Update

I have already tried manual sync and deregister/register node again.

I have open a case (SR 680861979 ) but it has been a week and we only had first contact from Cisco Security TAC. So i will try here as maybe i will have a quicker answer to these issues.

You will find troubleshooting logs/screenshots attached.

ziyaayan15 · ‎11-15-2018

Manual Sync is solved the problem.

View solution in original post

System Admin · ‎09-05-2016

Ok i have found that a bug report exists :

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva84435/?referring_site=bugquickviewredir

If someone has a fix i would appreciate. The workaround is not a viable solution for us. I hope Cisco will be quick to address this issue.

System Admin · ‎09-07-2016

After one week (!!) waiting for Cisco we finally had an answer to our case. It was simply a configuration issue. To correct it go to Work Centers -> Guest Access -> Configure -> Guest Types

And for each guest types, click Edit and verify if the flag "Allow guest to bypass the Guest portal" is activated or not. For us it was not the case and this solved our issue.

I suspect the upgrade process from 2.0.0.306 to 2.1.0.474 changed this flag because we have not done any configuration change before or after the upgrade.

For the replication errors, i will continue to have a look to them. I have regularly this error :

Replication Failed : Server=xxxxxx; Message=Error synchronizing object: Alarm[null]; Operation: Update

And each time i promote a node :

Replication Failed : Server=xxxxxxxx Message=Error synchronizing object: Resource[NAC Group:NAC:DictionaryBucket:TC-NAC]; Operation: Update

Syncup or deregister/register the node does not help.

If someone has a clue, thank you for helping me !

ziyaayan15 · ‎11-14-2018

We are facing replication problem too. Can anyone find a solution? Version :2.4.0.357 Installed Patches: 3,4 Replication Failed : Server=xxxxx; Message=Error synchronizing object: Resource[NAC Group:NAC:DictionaryBucket

walwar · ‎11-15-2018

What happens if you do a manual sync? Admin > Deployment > check your secondary node and hit Syncup.. REMEMBER that this WILL stop and start your application on your secondary node, so if they are in production it might cause some problems.

ziyaayan15 · ‎11-15-2018

Manual Sync is solved the problem.

Jason Kunst · ‎11-15-2018

Not sure how this title is relevant to what the actual issue is. Please contact the tac to debug and troubleshoot

Replication error and guest accounts disabled when created (after updating from 2.0.0.306 to 2.1.0.474)