cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2018
Views
10
Helpful
7
Replies
Beginner

Primary ISE Node failure and replacement.

Hi,

I have a two node ISE Virtual appliance setup.

Node 1 - Primary Admin Role, Primary Monitoring Role, PSN

Node 2 - Secondary Admin Role, Secondary Monitoring Role, PSN

Node 1 failed recently and needs to be recreated. Needed help to establish step-by-step procedure for getting the node 1 back in service.

Planned Approach - 

1. Promote Node 2 as Primary Admin and Monitoring.

2. De-register failed Node 1 from the now Primary Admin Node (Node 2).

3. Setup new Node 1 with all patches, certificate, etc.

4. Restore operational backup on the new standalone node 1.

5. Add new node (Node 1) as secondary ISE node.

6. Promote Node 1 as primary Admin and Monitoring.

Is this approach ok or do i need to make any changes to it to ensure node 1 is put back in service with the current configuration and old log data.

Rgds,

Aniket Alashe

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Master

You can skip step 4.

You can skip step 4.

Your step 5 will replicate all of the policy and other configuration bits (including MnT logs up to the current time) that need to be synchronized for the deployment from Node 2.

7 REPLIES 7
Hall of Fame Master

You can skip step 4.

You can skip step 4.

Your step 5 will replicate all of the policy and other configuration bits (including MnT logs up to the current time) that need to be synchronized for the deployment from Node 2.

Beginner

Hello Marvin,

Hello Marvin,

Thanks for your help, but I had already performed the mentioned steps and the new node is back in service with all configuration and log data.

Thanks once again for your valuable inputs.

Rgds,

Aniket Alashe

Cisco Employee

Re: You can skip step 4.

are you sure about automatic replication of MNT logs?

Beginner

Re: You can skip step 4.

Hi

Do we have an answer for this?

 

Regards

Cisco Employee

Re: You can skip step 4.

If the replacement ISE node is to act as MNT and if it needs to report on historical data, then please restore the latest backup or take a new backup of OPS data and restore to the new ISE node.

That is, the historical data can only be restored by backup and restore of OPS data; the new events will send to the new ISE node once it registered with MNT persona.

Contributor

Re: Primary ISE Node failure and replacement.

Do Steps 1 and 6 require downtime? Will services be running all the time at least on Node 2? Or do the ISE (PSN) services restart during the promotion?

Highlighted
Contributor

Re: Primary ISE Node failure and replacement.

Yes, steps 1 and 6 require downtime. ISE services restart at the same time on both nodes.