Showing results for 
Search instead for 
Did you mean: 

Issue with upgrading ISE from Version

Behzad Sharifi

Hi everyone

I am trying to Upgrade a Cisco ISE PSN and getting this error:


STEP 3: Validating data before upgrade...

%warning: Cannot upgrade this node as new PAP has patch(es) installed on it, please remove the patch(es) and try again.

I am running ISE version Patch version 5.

I have deployment setup and just upgrade my Secundery ISE Server node with out any problem with the same version and Patch(es).

Does it mean that I need to uninstall all the Patch(es) from the ISE PSN before to upgrade to the version


4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

Patches are cumulative and normally you should be able to upgrade from 2.1 patch 5 to 2.3. However there is a bug in the 2.3 upgrade process in that it fails to properly ascertain the readiness when one or more of the target nodes was patched non-sequentially. 


You should open a TAC case and they will be able to help you with a work around.

Hi Marvin


Thank you for your reply. I will create a TAC Case. 

Best regards 



I know this is a bit old post, but today i am having experience with 2.2 to 2.4 upgrade with the same error. 


Secondary was successfully upgraded, but when i upgrade the primary then i got the same error. 


I haven't found any related bug for this issue. 


Please advise!




I believe after upgrading the secondary ISE node a patch is installed. The primary node checks the version of the secondary at the step 3 ("Validating data before upgrade.."). The reason for this is, after the upgrade process finishes, the primary is automatically added to the new upgraded ISE deployment. However, if a patch is applied to the secondary, after the upgrade process primary cannot be added to the new deployment automatically because it would not have the patch installed.

In short, the mentioned message indicates the patch installed on the upgraded ISE node.

"STEP 3: Validating data before upgrade...
% Warning: Cannot upgrade this node as new PAP has patch(es) installed on it, please remove the patch(es) and try again."


I can think of two workarounds to this issue:

  1. Uninstall the patch on the upgraded secondary node (2.3 or 2.4) and try to upgrade the primary again
  2. Make the primary node standalone and then upgrade it and manually add it to the upgraded ISE deployment.

I know it has been some time for this discussion and the issue must have been resolved. The second method worked for me. I just want to have a record of the solution when it is searched.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: