Solved: Issue on my first installment of cisco ISE

Terry Lee · ‎12-31-2014

Hi, Thanks in advance,

This is my first time of being implementing cisco ISE 1.1.4 with Vmware Esxi v5.5

I have done following processes so far

- Created NTP,DNS,AD, of course ESXI up and running and have connection between all of them, ISE is able to sync time with ntp server as well as DNS, AD etc.

- I have created repository for installing application bundle - which is ise-appbundle-1.1.4.218.i386 as I could not find any application default.

However, while i was doing installation and it says '/opt/oracle/base/product/11.2.0/dbhome_1/bin/lsnrctl: error while loading shared libraries: libclntsh.so.11.1: cannot open shared object file: No such file or directory'.

I already check few forums and communities and I have no problems on syncing times on dns with ntp as well as ISE itself with ntp.

I have no firewall between devices and no other network devices are interfering.

and At the end of the logs, It comes up like this

########################################################################################

ERROR : FAILED TO START DB!

Database is not available within timeout of 240 seconds.

This could be the result of incorrect network interface configuration,

or lack of resources on the appliance or VM. Please fix the issue and run the following CLI to re-prime database:

'application reset-config ise'

########################################################################################

Im just lost now... Any recommendation ?

Marvin Rhoads · ‎12-31-2014

Well it's true that the CCIE Security uses ISE 1.1 as its basis. So for lab-only setup with that purpose you could go with it.

90% of things look the same and the concepts are identical from 1.1 to 1.3. Early versions were buggy though and we recommend all production users go with 1.3.

A fresh install of 1.14 should be OK; but you would not use the ISE appbundle gz archive - you would use the ISO for fresh install.

Please see screenshot below.

View solution in original post

jan.nielsen · ‎12-31-2014

What ISE version are you upgrading from, what patch level?

Terry Lee · ‎12-31-2014

Hi , Jan,

Im doing it from scratch. its v1.1.4 and I dont have any application on it so Im trying to installing it

Marvin Rhoads · ‎12-31-2014

If it's a lab or a greenfield installation I wouldn't even mess with ISE 1.1. There are a fair number of dependencies and complexities upgrading those earlier versions. Also, ISE 1.1 is not supported on VMware ESXi 5.5.

The current release is 1.3 and is better in almost every possible way.

Terry Lee · ‎12-31-2014

Thanks for your answer Marvin ,

I need to have ISE 1.1 up and running as Im preparing for my CCIE security LAB exam.

Is there many differences between 1.3 and 1.1 ?

As CCIE SECURITY covers ISE v1.1.

Regards.

Marvin Rhoads · ‎12-31-2014

Well it's true that the CCIE Security uses ISE 1.1 as its basis. So for lab-only setup with that purpose you could go with it.

90% of things look the same and the concepts are identical from 1.1 to 1.3. Early versions were buggy though and we recommend all production users go with 1.3.

A fresh install of 1.14 should be OK; but you would not use the ISE appbundle gz archive - you would use the ISO for fresh install.

Please see screenshot below.

Terry Lee · ‎01-02-2015

Thanks for your help Marvin

with ISO file, do I have to import its ISO file for application install?

I cannot find application ise by default once I install it on ESXi.

As my understanding , I have to install it first with ISO and import its file again with repository for application install

Marvin Rhoads · ‎01-02-2015

For an ISE 1.1.4 ISO , follow the procedure here to build an ISE server VM from scratch.

No repository is required or even involved during installation. Following the procedure will result in an operational ISE server (single node deployment with PAN, MnT and PSN personae) ready for creation of identity stores, authentication (AuthC) and authorization (AuthZ) policies etc.

Terry Lee · ‎01-02-2015

Thanks for your quick notice,

Do I have access to WEB GUI ?

Terry Lee · ‎01-02-2015

Ok,

Inline Posture Node is not supporting WEB GUI access, so how to start deploying WEB GUI? with this ? or do I have to change the deployment?

Marvin Rhoads · ‎01-02-2015

You've been asking about a primary ISE server - IPN (Inline Posture Node) is a separate persona that exists by itself and only as part of a larger multi-server deployment.

An IPN does not have a web GUI. It's basically a repackaging on the old NAC appliance. It has only command line interface (cli) and is managed (other than setup) via the Primary Admin Node (PAN) in an ISE deployment.

If you installed the ise-appbundle ISO I showed above that would not include the IPN.