
ISE 2.1 Released

Marvin Rhoads
Hall of Fame

In case you missed it, the ISE 2.1 update is out as of 31 May 2016.

Here are the release notes. Lots of good stuff packed in this one.

18 Replies

jan.nielsen
Level 7

I'm feeling lucky, I might upgrade the first customer next week :-)

I was getting ready for an upgrade today and that's how I found the release was out already. :)

Node 1 completed, 3 more to go on this deployment...

Version information of installed applications
---------------------------------------------
Cisco Identity Services Engine
---------------------------------------------
Version : 2.1.0.474
Build Date : Wed May 25 04:34:43 2016
Install Date : Thu Jun 2 21:39:28 2016

admin# show application status ise

ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      running          30286
Database Server                        running          61 PROCESSES
Application Server                     running          2110
Profiler Database                      running          31568
ISE Indexing Engine                    running          2711
AD Connector                           running          27944
M&T Session Database                   running          31476
M&T Log Collector                      running          3372
M&T Log Processor                      running          3283
Certificate Authority Service          disabled
EST Service                            disabled
SXP Engine Service                     disabled
TC-NAC Docker Service                  disabled
TC-NAC MongoDB Container               disabled
TC-NAC RabbitMQ Container              disabled
TC-NAC Core Engine Container           disabled
VA Database                            disabled
VA Service                             disabled
pxGrid Infrastructure Service          disabled
pxGrid Publisher Subscriber Service    disabled
pxGrid Connection Manager              disabled
pxGrid Controller                      disabled
PassiveID Service                      disabled
DHCP Server (dhcpd)                    disabled
DNS Server (named)                     disabled

You're a brave man, Marvin :-)

Summary of info for reference.

 

FIRST BUG – NOT ACTUALLY RESOLVED.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux68828/?referring_site=bugquickviewredir

ISE 2.0 blank screen after GUI login

CSCux68828

 

Problem Description:

This bug references that it's fixed in 2.1, however it is not. The release notes show it as resolved as well. I ran into this upgrading from 1.3 patch 6 to 2.1. Even after applying 2.1 patch 1 it was still apparent. It is related to the RBAC policies in place. You have to remove the RBAC (role based admin policy) prior to upgrade or it fails to log in properly. Blank screen.

 

Table 9 Cisco ISE, Release 2.1, Resolved Caveats
http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/release_notes/ise21_rn.html#pgfId-688783

Caveat: CSCux68828
Description: ISE 2.0 blank screen after GUI login.

SECOND BUG – NOT CLEAR ON RESOLUTION

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva01828/?referring_site=bugquickviewredir

ISE 2.1 upgrade "ISE Indexing Engine did not start"

CSCva01828

 

Problem Description:

The title in the release notes is wrong. Also, in the description of the bug the workaround is not visible. The workaround is to call TAC and have them fix the hosts file via root access. The release notes also indirectly reference the issue but it's not clear what to do. It does not say you must contact TAC in order to resolve the issue.

 

Table 7 Cisco ISE Patch Version 2.1.0.474-Patch 1 Resolved Caveats
http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/release_notes/ise21_rn.html#pgfId-631740

Caveat: CSCva01828
Description: Cisco ISE Indexing Engine fails to start when upgrading from ISE 2.0/2.0.1 to 2.1.

 

Release notes excerpt
http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/release_notes/ise21_rn.html#pgfId-702976
Hostname Corruption in Elastic Search Configuration Files

This issue occurs when you have duplicate host entries in the /etc/hosts file and you might run into deployment-related issues after upgrade (ISE Indexing Engine status turns to “not running”). As a workaround, remove the duplicate host entries with root, and restart Cisco ISE services.

Reverse DNS Lookup Configuration

Configure reverse DNS lookup for all Cisco ISE nodes in your distributed deployment in the DNS server(s). Otherwise, you may run into deployment-related issues after upgrade (“ISE Indexing Engine” status turns to “not running”).
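A pre-upgrade check for the two conditions the release-notes excerpt above names (duplicate host entries and missing reverse DNS), as an added example that is not part of the thread or of Cisco's tooling. It is meant for an admin workstation; the node names, addresses and hosts-file text are constructed, and "duplicate" is assumed to mean the same hostname on more than one non-loopback line.

```python
import socket

# Constructed sample; the names and 192.0.2.x addresses are placeholders.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
192.0.2.11 ise-psn2.example.test ise-psn2
192.0.2.11 ise-psn2.example.test ise-psn2
"""

def duplicate_host_entries(hosts_text):
    """Return {hostname: [line numbers]} for names on more than one line.

    Assumption: loopback lines are ignored and a "duplicate" is the same
    hostname appearing on two or more remaining lines.
    """
    seen = {}
    for lineno, raw in enumerate(hosts_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0].startswith("127.") or fields[0] == "::1":
            continue
        for name in fields[1:]:
            seen.setdefault(name.lower(), []).append(lineno)
    return {name: lines for name, lines in seen.items() if len(lines) > 1}

def check_reverse_dns(fqdn, forward=socket.gethostbyname_ex,
                      reverse=socket.gethostbyaddr):
    """List problems with the A -> PTR round trip for one node name.

    Uses the system resolver, so run it on a host whose own hosts file
    does not list the ISE nodes.
    """
    want = fqdn.lower().rstrip(".")
    try:
        _, _, addrs = forward(fqdn)
    except OSError as exc:
        return [f"{fqdn}: forward lookup failed ({exc})"]
    problems = []
    for addr in addrs:
        try:
            ptr_name, aliases, _ = reverse(addr)
        except OSError:
            problems.append(f"{addr}: no PTR record for {fqdn}")
            continue
        if want not in {n.lower().rstrip(".") for n in (ptr_name, *aliases)}:
            problems.append(f"{addr}: PTR is {ptr_name}, expected {fqdn}")
    return problems

if __name__ == "__main__":
    print(duplicate_host_entries(SAMPLE_HOSTS))
    for node in ["ise-psn2.example.test"]:  # replace with your node FQDNs
        print(node, check_reverse_dns(node) or "OK")
```

An empty list from `check_reverse_dns` means every address the name resolves to has a PTR record pointing back at that name.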

Hello,

I'm on my 2nd migration to ISE 2.1 and I have the problem that here the "ISE Indexing Engine" state is "not running".

Any idea why the process is not running!?

Thanks and Regards

Marc

I am told this issue may be related to the need to have reverse DNS lookup configured on the node for this to work.

More specifically, you need to add PTR records (IP -> DNS name) which correspond to each regular forward A-record (DNS name to IP) for all the NIC(s) on ISE.

Hello,

So we have checked the reverse DNS entries in the DNS servers and added the missing one.

But also between a service restart and a reboot of the 2nd node, only the Indexing Service is still not running.

The messages in the CLI were the same as described in the bug CSCva01828.

Any other ideas, or have I missed anything that must be configured on ISE itself?

Thanks!

Did the procedure help resolve the problem on one of the servers?

I do not have more suggestions and suggest you reach out to TAC. Sorry

Contact Cisco TAC; you need to get into the root shell to delete one of the duplicate entries from the hostname file which is created during upgrade, to fix the "indexing service not running" issue.

-hope this helps-

I ran into the same issue today during an upgrade attempt from 1.3 -> 2.1. Seems to be a bug and something for TAC...

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva01828

So patch 1 is out now and CSCva01828 seems to be fixed. But from the info provided, I still can't make a proper judgement whether it will fix the Indexing Engine problem when upgrading from ISE 1.3. Additionally, when checking in the bug's details, there's still no entry in the "known fixed releases" section. I also don't know whether I'll be able to apply the patch at all if the Indexing Engine doesn't start after the upgrade. At least, it's not possible to log into the GUI after upgrading to the 2.1 base image when hitting CSCva01828.

Cisco needs to massively improve their overall quality in their products...

You can patch from the CLI, although if you have a distributed deployment you'll need to do it for each node.

CSCva01828 will not prevent you from logging into the GUI after upgrade. CSCva01828 impacts a single service from starting and can be resolved by subsequently installing patch 1 but does not impact login from GUI