Solved: Re: Upgrade ISE from 2.2 to 2.7 failed

DarmintraTandrawijaya49983 · ‎01-07-2021

Hi Good people,

I wish to ask for a deployment of ISE I am currently doing. I wish to upgrade from an existing Cisco ISE version 2.2.0.470 to 2.7.0.356.

But it was failed for the following reason in URT :

after checking the URT logs, I found the following error in dbupgrade-data-global logs :

Policy upgrade failed. Found the following errors:
PS Name: null ,Failure: During upgrade of PS: Default , Got error: Failed to build a ConditionsData clause from INetworkAuthZCheck:70563d30-95fb-11e8-aa4c-d072dca0431a( disp. name:)

Retrived the data from Handlercom.cisco.cpm.ups.upgrade.impl.PolicyUpgradeHandler]
com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: Policy upgrade failed. Found the following errors:
PS Name: null ,Failure: During upgrade of PS: Default , Got error: Failed to build a ConditionsData clause from INetworkAuthZCheck:70563d30-95fb-11e8-aa4c-d072dca0431a( disp. name:)

at com.cisco.cpm.ups.upgrade.UpgradeHandler.exportAndImport(UpgradeHandler.java:41)
at com.cisco.cpm.ups.upgrade.UpgradeHandler.execUpgrade(UpgradeHandler.java:29)
at com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler.upgrade(UPSUpgradeHandler.java:162)
at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.UpgradeServices(UpgradeServiceRegistrar.java:132)
at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.main(UpgradeServiceRegistrar.java:185)
Caused by: com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: Policy upgrade failed. Found the following errors:
PS Name: null ,Failure: During upgrade of PS: Default , Got error: Failed to build a ConditionsData clause from INetworkAuthZCheck:70563d30-95fb-11e8-aa4c-d072dca0431a( disp. name:)

at com.cisco.cpm.ups.upgrade.impl.PolicyUpgradeHandler.importData(PolicyUpgradeHandler.java:79)
at com.cisco.cpm.ups.upgrade.UpgradeHandler.exportAndImport(UpgradeHandler.java:38)
... 4 more
Error while applying changes in version: 2.3.0.100 class: com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler
com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: Failed to upgrade to version 2.3.0.100: com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: Policy upgrade failed. Found the following errors:
PS Name: null ,Failure: During upgrade of PS: Default , Got error: Failed to build a ConditionsData clause from INetworkAuthZCheck:70563d30-95fb-11e8-aa4c-d072dca0431a( disp. name:)

at com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler.upgrade(UPSUpgradeHandler.java:170)
at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.UpgradeServices(UpgradeServiceRegistrar.java:132)
at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.main(UpgradeServiceRegistrar.java:185)
ERROR! isedataupgrade.sh FAILED. ISE GLOBAL DATA UPGRADE FAILED

Can anyone advice what to do about this?

Thank you

pavagupt · ‎01-07-2021

it seems Global data upgrade is failing. would you please a raise a TAC case for this.

View solution in original post

pavagupt · ‎01-07-2021

it seems Global data upgrade is failing. would you please a raise a TAC case for this.

Damien Miller · ‎01-08-2021

You're likely hitting this known issue, as @pavagupt indicated, the easiest thing to do is work with TAC to correct it. Once you work through the issue, you can run the ISE URT (upgrade readiness test) bundle on the secondary node, and it will confirm if the issue has been resolved with a non impacting test upgrade.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs78160

DarmintraTandrawijaya49983 · ‎01-11-2021

Alright, guess no other option then, thanks @pavagupt and @Damien Miller for the answers!

Cheers,

Darmintra

Ju Lo · ‎03-10-2021

Thanks I am currently experiencing the same issue. So far TAC has asked me to ensure AUTH Z Simple Conditions are not in conflict with the AUTH Z Compound Conditions. At this time they aren't however the URT fails at the clone database post check seen in the screenshot.

Marcelo Morais · ‎03-10-2021

Hi @Ju Lo ,

what is the URT's error that you are experiencing?

Ju Lo · ‎03-11-2021

Hi, the issue I am experiencing is similar although whilst observing the each step being executed I did see an "Invalid MDMServernames" message that says 5/5 successful at the end of the step. I will probably capture that the next time I run the URT with TAC as we continue to try and identify where the conflict is occurring.

Marcelo Morais · ‎03-11-2021

Hi @Ju Lo ,

please take a look at:

Context Visibility > Endpoints
MDM Server = Not Empty

check the MDM Server column.

Hope this helps !!!

Ju Lo · ‎03-11-2021

Hi @Marcelo Morais

I checked the columns but its disabled (greyed out) for each section (see attached). I am running a 2.2 (patch 17) instance that I am trying to get to 2.7. Don't know if that makes a difference

Ju Lo · ‎03-11-2021

Just what I was mentioning earlier. So far we have removed.

Marcelo Morais · ‎03-11-2021

Hi @Ju Lo ,

good news !!!

PS.: when you said "... I checked the columns but its disabled (greyed out) ...", please take a look at the following:

Ju Lo · ‎03-11-2021

Hey @Marcelo Morais thanks for your help so far and for the tip! I tried it out where applicable and as you can see nothing found. Also I'm still awaiting TAC to re-create in their LAB because we tried a number of things with no advancement.

pavagupt · ‎03-14-2021

looks like there is a data upgrade itself is failing. If you are sure that it is caused by MDM, we have to get rid off all the MDM references .. be it in policies, profiles, conditions. were you able to disable the MDM server or remove the MDM server if it is not in enforcement in your environment ?