This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I'm upgrading our ISE deployment this weekend. I was planning to go to 2.4, but with Cisco changing the recommended to 2.6, I'm wondering if I should go to 2.6, or stick with 2.4 plan for now.
Has anyone seen major bugs in 2.6?
We use our deployment for MAB, wired, and wireless clients.
Solved! Go to Solution.
I just upgraded my single node lab from 2.4 patch 9 to 2.6 and after the upgrade completed, the application server is stuck in an initializing state. Not looking very promising on 2.6 so far...
I am running 2.6 in the lab and dev with very simple policies. So far, the basics seem to work with no bugs. The only bug I've seen is that I cannot use Chrome to edit AD membership...Safari or Firefox only. My biggest concern with 2.6 is how the policy nesting is so much different than 2.2.
@Timothy Abbott wrote:
We just released patch 3 for 2.6 and are very confident in the stability. At the same time, I recommend testing it in a lab environment with your current policies.
To add to tim's info we just made ISE 2.6 the suggested release. Thanks!
Ahh, I saw it moved to recommended, but patch 3 wasn't available at that time.
Don't suppose they have got the MAR cache to sync yet though.
Hi @Dustin Anderson ,
No, unfortunately, MAR cache syncing is not feasible yet.
Straight from the Admin guide page:
The Policy Service nodes in a distributed deployment do not share their Machine Access Restriction (MAR) cache with each other. If you have enabled the MAR feature in Cisco ISE and the client machine is authenticated by a Policy Service node that fails, then another Policy Service node in the deployment handles the user authentication. However, the user authentication fails because the second Policy Service node does not have the host authentication information in its MAR cache.
Refer this .
Yeah, it was supposed to have sync'd in 2.3, so we upgraded to it, but alas it actually didn't and was removed from the feature list.