cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6769
Views
10
Helpful
8
Replies

Primary ISE Node failure and replacement.

aniketalashe
Level 1
Level 1

Hi,

I have a two node ISE Virtual appliance setup.

Node 1 - Primary Admin Role, Primary Monitoring Role, PSN

Node 2 - Secondary Admin Role, Secondary Monitoring Role, PSN

Node 1 failed recently and needs to be recreated. Needed help to establish step-by-step procedure for getting the node 1 back in service.

Planned Approach - 

1. Promote Node 2 as Primary Admin and Monitoring.

2. De-register failed Node 1 from the now Primary Admin Node (Node 2).

3. Setup new Node 1 with all patches, certificate, etc.

4. Restore operational backup on the new standalone node 1.

5. Add new node (Node 1) as secondary ISE node.

6. Promote Node 1 as primary Admin and Monitoring.

Is this approach ok or do i need to make any changes to it to ensure node 1 is put back in service with the current configuration and old log data.

Rgds,

Aniket Alashe

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

You can skip step 4.

Your step 5 will replicate all of the policy and other configuration bits (including MnT logs up to the current time) that need to be synchronized for the deployment from Node 2.

View solution in original post

8 Replies 8

Marvin Rhoads
Hall of Fame
Hall of Fame

You can skip step 4.

Your step 5 will replicate all of the policy and other configuration bits (including MnT logs up to the current time) that need to be synchronized for the deployment from Node 2.

Hello Marvin,

Thanks for your help, but I had already performed the mentioned steps and the new node is back in service with all configuration and log data.

Thanks once again for your valuable inputs.

Rgds,

Aniket Alashe

are you sure about automatic replication of MNT logs?

Hi

Do we have an answer for this?

 

Regards

If the replacement ISE node is to act as MNT and if it needs to report on historical data, then please restore the latest backup or take a new backup of OPS data and restore to the new ISE node.

That is, the historical data can only be restored by backup and restore of OPS data; the new events will send to the new ISE node once it registered with MNT persona.

I am also facing the same issue, with the only difference being that the node to be replaced is on a physical appliance and the secondary one is on a virtual one. I wonder if the approach remains the same."

Peter Koltl
Level 7
Level 7

Do Steps 1 and 6 require downtime? Will services be running all the time at least on Node 2? Or do the ISE (PSN) services restart during the promotion?

Peter Koltl
Level 7
Level 7

Yes, steps 1 and 6 require downtime. ISE services restart at the same time on both nodes.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: