cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6148
Views
10
Helpful
12
Replies

Upgrade ISE from 2.2 to 2.7 failed

Hi Good people,

 

I wish to ask for a deployment of ISE I am currently doing. I wish to upgrade from an existing Cisco ISE version 2.2.0.470 to 2.7.0.356.

 

But it was failed for the following reason in URT : 

ise1.JPG

 

after checking the URT logs, I found the following error in dbupgrade-data-global logs :

 

Policy upgrade failed. Found the following errors:
PS Name: null ,Failure: During upgrade of PS: Default , Got error: Failed to build a ConditionsData clause from INetworkAuthZCheck:70563d30-95fb-11e8-aa4c-d072dca0431a( disp. name:)

Retrived the data from Handlercom.cisco.cpm.ups.upgrade.impl.PolicyUpgradeHandler]
com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: Policy upgrade failed. Found the following errors:
PS Name: null ,Failure: During upgrade of PS: Default , Got error: Failed to build a ConditionsData clause from INetworkAuthZCheck:70563d30-95fb-11e8-aa4c-d072dca0431a( disp. name:)

at com.cisco.cpm.ups.upgrade.UpgradeHandler.exportAndImport(UpgradeHandler.java:41)
at com.cisco.cpm.ups.upgrade.UpgradeHandler.execUpgrade(UpgradeHandler.java:29)
at com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler.upgrade(UPSUpgradeHandler.java:162)
at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.UpgradeServices(UpgradeServiceRegistrar.java:132)
at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.main(UpgradeServiceRegistrar.java:185)
Caused by: com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: Policy upgrade failed. Found the following errors:
PS Name: null ,Failure: During upgrade of PS: Default , Got error: Failed to build a ConditionsData clause from INetworkAuthZCheck:70563d30-95fb-11e8-aa4c-d072dca0431a( disp. name:)

at com.cisco.cpm.ups.upgrade.impl.PolicyUpgradeHandler.importData(PolicyUpgradeHandler.java:79)
at com.cisco.cpm.ups.upgrade.UpgradeHandler.exportAndImport(UpgradeHandler.java:38)
... 4 more
Error while applying changes in version: 2.3.0.100 class: com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler
com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: Failed to upgrade to version 2.3.0.100: com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: Policy upgrade failed. Found the following errors:
PS Name: null ,Failure: During upgrade of PS: Default , Got error: Failed to build a ConditionsData clause from INetworkAuthZCheck:70563d30-95fb-11e8-aa4c-d072dca0431a( disp. name:)

at com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler.upgrade(UPSUpgradeHandler.java:170)
at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.UpgradeServices(UpgradeServiceRegistrar.java:132)
at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.main(UpgradeServiceRegistrar.java:185)
ERROR! isedataupgrade.sh FAILED. ISE GLOBAL DATA UPGRADE FAILED

 

Can anyone advice what to do about this?

Thank you

1 Accepted Solution

Accepted Solutions

pavagupt
Cisco Employee
Cisco Employee

it seems Global data upgrade is failing. would you please a raise a TAC case for this.

View solution in original post

12 Replies 12

pavagupt
Cisco Employee
Cisco Employee

it seems Global data upgrade is failing. would you please a raise a TAC case for this.

Damien Miller
VIP Alumni
VIP Alumni

You're likely hitting this known issue, as @pavagupt indicated, the easiest thing to do is work with TAC to correct it. Once you work through the issue, you can run the ISE URT (upgrade readiness test) bundle on the secondary node, and it will confirm if the issue has been resolved with a non impacting test upgrade. 
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs78160

Alright, guess no other option then, thanks @pavagupt and @Damien Miller for the answers!

 

Cheers,

Darmintra

Ju Lo
Level 1
Level 1

Thanks I am currently experiencing the same issue. So far TAC has asked me to ensure AUTH Z Simple Conditions are not in conflict with the AUTH Z Compound Conditions. At this time they aren't however the URT fails at the clone database post check seen in the screenshot.

Hi @Ju Lo ,

 what is the URT's error that you are experiencing?

 

 

urt-post-check-fail.jpg

 Hi, the issue I am experiencing is similar although whilst observing the each step being executed I did see an "Invalid MDMServernames" message that says 5/5 successful at the end of the step. I will probably capture that the next time I run the URT with TAC as we continue to try and identify where the conflict is occurring.

Hi @Ju Lo ,

 please take a look at:

Context Visibility > Endpoints
MDM Server = Not Empty

 check the MDM Server column.

 

Hope this helps !!!

Ju Lo
Level 1
Level 1

Hi @Marcelo Morais 

I checked the columns but its disabled (greyed out) for each section (see attached). I am running a 2.2 (patch 17) instance that I am trying to get to 2.7. Don't know if that makes a difference

Invalid-MDM_Servernames.jpg

 

Just what I was mentioning earlier. So far we have removed.

Hi @Ju Lo ,

 good news !!!

 

PS.: when you said "... I checked the columns but its disabled (greyed out) ...", please take a look at the following:

MDM SERVER.png

Hey @Marcelo Morais  thanks for your help so far and for the tip! I tried it out where applicableMDM_Column.jpg and as you can see nothing found. Also I'm still awaiting TAC to re-create in their LAB because we tried a number of things with no advancement.

looks like there is a data upgrade itself is failing.  If you are sure that it is caused by MDM, we have to get rid off all the MDM references .. be it in policies, profiles, conditions. were you able to disable the MDM server or remove the MDM server if it is not in enforcement in your environment ?