Manually Patch Cisco ISE Deployment

Mike Campbell
Level 1

Is there a documented process for manually installing patch bundles in ISE? We had a bad experience last spring with deploying Patch 8 through the "fire and forget" patch installation through the GUI. We have held off far too long on patching our 20 node deployment and I will be asked whether the process failure was due to Patch 8, or whether the patching process itself failed. Please let me know if there is a procedure on how one would go about manually patching a deployment via the CLI.

 

Thank you

2 Replies

Venkatesh Attuluri
Cisco Employee

When you install a patch from a primary administration node that is part of a distributed deployment, Cisco ISE installs the patch on the primary node and then all the secondary nodes in the deployment. If the patch installation is successful on the primary node, Cisco ISE then continues patch installation on the secondary nodes. If it fails on the primary node, the installation does not proceed to the secondary nodes. However, if the installation fails on any of the secondary nodes for any reason, it still continues with the next secondary node in your deployment. Secondary Cisco ISE nodes are restarted consecutively after the patch is installed on those nodes. While installing a patch on secondary nodes, you can continue to perform tasks on the primary administration node.

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/cli_ref_guide/ise_cli/ise_cli_app_a.html#pgfId-2476373

I understand how the process works, or at least how it is supposed to work. In this case back in the spring, our Admin and MNT primary and secondary nodes upgraded successfully; it was when it started rolling out the upgrades to our Policy nodes that it started failing. At that time, both our primary and secondary PSNs for all of our Wireless LAN Controllers failed to upgrade properly and were non-functional. We were forced either to roll back or manually reboot the policy nodes in order to get them online again. I am looking to avoid this situation again. I had done many patches prior to this failure, all without issue, but this had high visibility when the upgrade failed as it affected hundreds of wireless users.