01-07-2021 11:49 PM
Hi Good people,
I wish to ask for a deployment of ISE I am currently doing. I wish to upgrade from an existing Cisco ISE version 2.2.0.470 to 2.7.0.356.
But it was failed for the following reason in URT :
after checking the URT logs, I found the following error in dbupgrade-data-global logs :
Policy upgrade failed. Found the following errors:
PS Name: null ,Failure: During upgrade of PS: Default , Got error: Failed to build a ConditionsData clause from INetworkAuthZCheck:70563d30-95fb-11e8-aa4c-d072dca0431a( disp. name:)
Retrived the data from Handlercom.cisco.cpm.ups.upgrade.impl.PolicyUpgradeHandler]
com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: Policy upgrade failed. Found the following errors:
PS Name: null ,Failure: During upgrade of PS: Default , Got error: Failed to build a ConditionsData clause from INetworkAuthZCheck:70563d30-95fb-11e8-aa4c-d072dca0431a( disp. name:)
at com.cisco.cpm.ups.upgrade.UpgradeHandler.exportAndImport(UpgradeHandler.java:41)
at com.cisco.cpm.ups.upgrade.UpgradeHandler.execUpgrade(UpgradeHandler.java:29)
at com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler.upgrade(UPSUpgradeHandler.java:162)
at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.UpgradeServices(UpgradeServiceRegistrar.java:132)
at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.main(UpgradeServiceRegistrar.java:185)
Caused by: com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: Policy upgrade failed. Found the following errors:
PS Name: null ,Failure: During upgrade of PS: Default , Got error: Failed to build a ConditionsData clause from INetworkAuthZCheck:70563d30-95fb-11e8-aa4c-d072dca0431a( disp. name:)
at com.cisco.cpm.ups.upgrade.impl.PolicyUpgradeHandler.importData(PolicyUpgradeHandler.java:79)
at com.cisco.cpm.ups.upgrade.UpgradeHandler.exportAndImport(UpgradeHandler.java:38)
... 4 more
Error while applying changes in version: 2.3.0.100 class: com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler
com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: Failed to upgrade to version 2.3.0.100: com.cisco.cpm.infrastructure.upgrade.api.UpgradeFailureException: Policy upgrade failed. Found the following errors:
PS Name: null ,Failure: During upgrade of PS: Default , Got error: Failed to build a ConditionsData clause from INetworkAuthZCheck:70563d30-95fb-11e8-aa4c-d072dca0431a( disp. name:)
at com.cisco.cpm.ups.upgrade.impl.UPSUpgradeHandler.upgrade(UPSUpgradeHandler.java:170)
at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.UpgradeServices(UpgradeServiceRegistrar.java:132)
at com.cisco.cpm.infrastructure.upgrade.impl.UpgradeServiceRegistrar.main(UpgradeServiceRegistrar.java:185)
ERROR! isedataupgrade.sh FAILED. ISE GLOBAL DATA UPGRADE FAILED
Can anyone advice what to do about this?
Thank you
Solved! Go to Solution.
01-07-2021 11:57 PM
it seems Global data upgrade is failing. would you please a raise a TAC case for this.
01-07-2021 11:57 PM
it seems Global data upgrade is failing. would you please a raise a TAC case for this.
01-08-2021 09:38 AM
You're likely hitting this known issue, as @pavagupt indicated, the easiest thing to do is work with TAC to correct it. Once you work through the issue, you can run the ISE URT (upgrade readiness test) bundle on the secondary node, and it will confirm if the issue has been resolved with a non impacting test upgrade.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs78160
01-11-2021 04:19 AM
Alright, guess no other option then, thanks @pavagupt and @Damien Miller for the answers!
Cheers,
Darmintra
03-10-2021 08:27 AM
Thanks I am currently experiencing the same issue. So far TAC has asked me to ensure AUTH Z Simple Conditions are not in conflict with the AUTH Z Compound Conditions. At this time they aren't however the URT fails at the clone database post check seen in the screenshot.
03-10-2021 01:56 PM
03-11-2021 05:45 AM
Hi, the issue I am experiencing is similar although whilst observing the each step being executed I did see an "Invalid MDMServernames" message that says 5/5 successful at the end of the step. I will probably capture that the next time I run the URT with TAC as we continue to try and identify where the conflict is occurring.
03-11-2021 06:15 AM
Hi @Ju Lo ,
please take a look at:
Context Visibility > Endpoints
MDM Server = Not Empty
check the MDM Server column.
Hope this helps !!!
03-11-2021 06:59 AM
I checked the columns but its disabled (greyed out) for each section (see attached). I am running a 2.2 (patch 17) instance that I am trying to get to 2.7. Don't know if that makes a difference
03-11-2021 07:18 AM
Just what I was mentioning earlier. So far we have removed.
03-11-2021 07:43 AM
Hi @Ju Lo ,
good news !!!
PS.: when you said "... I checked the columns but its disabled (greyed out) ...", please take a look at the following:
03-11-2021 08:29 AM
Hey @Marcelo Morais thanks for your help so far and for the tip! I tried it out where applicable and as you can see nothing found. Also I'm still awaiting TAC to re-create in their LAB because we tried a number of things with no advancement.
03-14-2021 09:27 AM
looks like there is a data upgrade itself is failing. If you are sure that it is caused by MDM, we have to get rid off all the MDM references .. be it in policies, profiles, conditions. were you able to disable the MDM server or remove the MDM server if it is not in enforcement in your environment ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide