Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1515
Views
2
Helpful
4
Replies

SFTP Backup Issues in 2.3

Go to solution
paul
Level 10
Level 10

‎11-16-2017 04:59 AM

I have been meaning to ask this for a while, but keep forgetting.  Are there known bugs with SFTP backups in 2.3?  It is completely unstable.  Here are two main symptoms:

  1. If you try to validate the repository in the GUI and it fails the browser will just hang and the ISE services will restart.
  2. When you do that actual backup periodically it will fail at 75% which is when ISE is trying to transfer the file to the SFTP server.  You can't cancel the backup at that point so the easiest way to get out of the stuck backup is to reboot the server.

I apologize if I have asked this question before, but I couldn't find a posting on it.  I have seen this on at least 5 of my 2.3 roll outs.  For now I have been telling my clients SFTP backup is unreliable in 2.3 and we have to use FTP.

1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎11-16-2017 09:14 AM

Some known issues on ISE 2.3 might be related: CSCvg32162, CSCvg48457 and CSCvg52304.

CSCvg32162 matching best with your description as it also stuck at 75% completion.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎11-16-2017 05:06 AM

Beside a bug search, I would recommend opening cases for each of your customers and getting assigned to a defect to put some engineering effort behind it

0 Helpful

Go to solution
paul
Level 10
Level 10
In response to Jason Kunst

‎11-16-2017 05:12 AM

Thanks Jason. I didn’t see anything in the bug search. I will try to replicate it in my lab setup and open a TAC case.

Paul Haferman

Office- 920.996.3011

Cell- 920.284.9250

0 Helpful

Go to solution
Ping Zhou
Level 8
Level 8
In response to Jason Kunst

‎11-16-2017 06:03 AM

Just to share some idea... i had similar symptoms. Had TAC case opened, turns out it was cypher suite mismatch between the ISE and our SFTP server. Doing ISE CLI commands “ssh“ to your SFTP server, “debug copy 7”, “debug transfer 7”, “debug backup-restore all” will show if there is mismatch. If this is the case, you will need to upgrade the SFTP server, there is no tunning on ISE side as far as I know of.

Go to solution
hslai
Cisco Employee
Cisco Employee

‎11-16-2017 09:14 AM

Some known issues on ISE 2.3 might be related: CSCvg32162, CSCvg48457 and CSCvg52304.

CSCvg32162 matching best with your description as it also stuck at 75% completion.

0 Helpful
Customers Also Viewed These Support Documents