cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
410
Views
4
Helpful
10
Replies
Beginner

Bug in ACS-to-ISE migtool 2.1.0.474?

We're trying to migrate about 5,500 users from ACS 5.8.1.4 to ISE 2.1.0.474, but the migration tool (downloaded from the ISE) comes up with 1,200 warnings against certain usernames. An example is below:-

> 2016.09.21 17:13:20'050 : 'ldhs-neil' will not be exported because the name contains special characters  or space that are not supported by ISE.

The valid name can contain alphanumeric and ~@# $&*_+.-\ characters

It's not just a bogus warning; these accounts really don't get migrated.

The only character it could be grumbling about would be the hyphen, but that's in the list of allowed characters it provides as an example. They appear to be normal hyphens (-) and not em dashes () so I'm not sure why it's getting tripped up. Would this be a bug in the migration tool?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

From my recent discussion

From my recent discussion with DE team, they confirmed that it has been fixed using the enhanced migration tool. However the tool is still under testing but soon we are planning to post - Unfortunately, we can not share the tool as it needs approval. If you need to have access to the same tool now or in next few days. I would suggest to open a TAC case and attach ACS 5 configuration backup. This way we will run through the backup to understand if there is any additional issues you may have with the migration process.

~ Jatin

~Jatin Katyal
10 REPLIES 10
Cisco Employee

This is a known issue we are

This is a known issue we are in a process of releasing the enhanced migration tool that would address this issue. I don't have the official ETA of release date however if this issue is delaying things for you - Go ahead and open a TAC case and we would help you with beta version of migration tool. ~ Jatin

~Jatin Katyal
Beginner

Thanks for your response.

Thanks for your response. Unfortunately the serial number of our new brand-new ISE installation ends with an @ sign and is therefore rejected by the Support Case Manager page with a "Please specify a valid product serial number" error.

(We had the same issue when trying to license it last week, Cisco tech support had to edit the serial number on the licence at their end and re-issue it).

If it's possible to obtain a beta version of the tool without a TAC then I'd be grateful if you could help, I'm happy to feed back with results of using the tool (there are some other niggles in the current version that I hope are now fixed or at least optional, rebuilding overwritten guest authorisation policies isn't much fun).

Cisco Employee

I'm sorry for not looking

I'm sorry for not looking into your post anytime soon. Can you please provide me the output of show udi. Let me see if I can fix the issue for you.

~ Jatin

~Jatin Katyal
Beginner

Is there any update on this?

Is there any update on this? We've had to put the project on hold as we still have 1200 hyphenated accounts on ACS 4.2.1. Although ISE can check both itself and ACS for guests using web authentication, it refuses to do the same for guests using WPA2 Enterprise.

I'm reluctant to set ISE to hand off to the ACS 5.8 installation instead of 4.2.1 as this is only running in evaluation mode to facilitate the migration. If we switch to that we're against the clock, with 54 days left to complete migration using a tool we don't yet have.

Cisco Employee

Can you leave your contact

Can you leave your contact details in private.

~ Jatin

~Jatin Katyal
Beginner

Done (now I've found out how

Done (now I've found out how to do it)

Beginner

SPID: ISE-VM-09VPID:

SPID: ISE-VM-09
VPID: V01
Serial: <deleted>

Highlighted

Hello Jatin

Hello Jatin

Has this fix been released yet? I have 1200 accounts with a hyphen in them :(

Thanks

Mark

Cisco Employee

From my recent discussion

From my recent discussion with DE team, they confirmed that it has been fixed using the enhanced migration tool. However the tool is still under testing but soon we are planning to post - Unfortunately, we can not share the tool as it needs approval. If you need to have access to the same tool now or in next few days. I would suggest to open a TAC case and attach ACS 5 configuration backup. This way we will run through the backup to understand if there is any additional issues you may have with the migration process.

~ Jatin

~Jatin Katyal
Beginner

I can confirm that the new

I can confirm that the new migration tool imports the accounts correctly. We had an issue with another 100-or-so accounts which had spaces in the username, but that's no big deal.