02-11-2017 02:07 AM - edited 03-11-2019 12:27 AM
Hi, folks.
After successful upgrading from ISE 2.1 to 2.2, ISE has lost all Identity Groups (or at least does not show them):
Before upgrade (2.1):
After upgrade to 2.2:
The funny thing is:
I know a specific mac-address that has been part of the GuestEndpoints identity group, If I check on this specific mac-address (Context visibility/Endpoints) in 2.2, I still can see this mac is a member of GuestEndpoints:
But the group(s) itself is not visible/existent ...
I guess, at this time that would mean: Every authen/autho policy that has any group in it, will fail ! Including guestflow etc.... !!!
Right in this minute I am restoring a configuration backup that I took under 2.1 into the 2.2 box, hoping this
would bring the groups back up. I will continue commenting here ...
Rgs
Frank (Pretty pis...ed!)
02-11-2017 04:43 AM
Whoa. that's pretty huge. Thanks for notifying this thread. I guess 2.2 is definitely a no-go for upgrade as of now :( Let us how it goes from the restore.
Looks like we have at least one major documented issue with GUI upgrade from 2.1 p2 to 2.2.
2.1P2-> 2.2 GUI upgrade failure due to SSL exception
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc38488
Am sure many more will crop up when people start their upgrades.
02-11-2017 07:24 AM
Just what I was afraid of:
Neither restoring the operational backup nor restoring the config backup that was taken on v2.1 did make the groups reappear again ......
I was aware of that GUI upgrade bug you mentioned, so I did the upgrade using the CLI like stated in the 2.2 upgrade guide document.
I remember a lot of WARNINGS during the upgrade, but the update process continued and was called successful at the end ...... Nice success :-(
Maybe somebody else could run the upgrade and see how that ends, so that we can be sure that it is not related to our deployment only, but will happen in other deployments, too .. !!!
This is definitely a no-go !!!!
Rgs
Frank
02-24-2017 06:44 AM
A short update on this with additional information:
Installing ISE 2.2 from scratch and restoring a config backup taken under 2.1 does restore the identity groups !!!!
Seems like only upgrading from a 2.1 box loses the groups, fresh install does not ......!!!
09-05-2017 11:07 AM
FYI, the same case when upgrading from 2.2 to 2.3. I am going to rebuilt tomorrow and restore a backup
09-22-2017 07:32 AM
Thanks a lot for the information.
I upgraded 2.1 patch 3 to patch 5 (to fix a backup bug) then took a backup and ran the upgrade to 2.2
18 hours later, I cannot SSH into the VM or access the GUI.
I actually get a login prompt via SSH and get the banner then nothing happens when I enter the password, the prompt just freezes:
login as: admin
BANNER...
admin@10.23.83.157's password:
Maybe the best strategy is a fresh 2.2 and restore
Patrick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide