This is that i did abviously... but the two PSN stay in status "Node down", the application service won't start correctly with these ADE-OS logs entries : 2014-05-28T10:26:30.023223+00:00 XXXXXXX logger: info:[application:operation:appservercontrol.sh] Starting ISE Application Server... 2014-05-28T10:26:30.311676+00:00 XXXXXXX logger: Loading PKCS11 ... 2014-05-28T10:26:30.978432+00:00 XXXXXXX logger: SLF4J: Class path contains multiple SLF4J bindings. 2014-05-28T10:26:30.978454+00:00 XXXXXXX logger: SLF4J: Found binding in [jar:file:/opt/CSCOcpm/appsrv/apache-tomcat-6.0.36/lib/slf4j-log4j12-1.5.8.jar!/org/slf4j/im pl/StaticLoggerBinder.class] 2014-05-28T10:26:30.978502+00:00 XXXXXXX logger: SLF4J: Found binding in [jar:file:/opt/CSCOcpm/appsrv/apache-tomcat-6.0.36/lib/com.cisco.xmp.osgi.slf4j-log4j12-1.5. 8.PATCHED.jar!/org/slf4j/impl/StaticLoggerBinder.class] 2014-05-28T10:26:30.978509+00:00 XXXXXXX logger: SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation. 2014-05-28T10:26:31.638970+00:00 XXXXXXX logger: log4j:WARN No appenders could be found for logger (com.cisco.epm.config.cache.impl.ConfigCacheImpl). 2014-05-28T10:26:31.638992+00:00 XXXXXXX logger: log4j:WARN Please initialize the log4j system properly.
... View more
Hi all, I wanted to know if any bugs was registered for the cumulative patch 8 for Cisco ISE 1.2 and how to mitigate any patch failures. Important notice : I though that this error could be an unlucky try but i've tested the update two time. Indeed, i have three deployment : A Pre-production one, a 4 nodes distributed and a 2 nodes distributed. The patch works fine on the pre-production one, on the 2 nodes too but fails on the 4 nodes one with a very anormal behaviour. On the "show nodes status" in Maintenance - Patch manage, i can see that my both PAN are successfully patched and the first PSN too but when the "Patch in progress" appears on the second PSN, the "installed" status is cancelled in the first PSN and become "Patch in progress" so i've two "Patch in progress" in parallel, that is an anormal procedure not discribed by Cisco on the document "Installing a software Patch". (wich discribe a sequential update of all nodes) The symptoms after this error are : - Unable to process EAP-TLS authentications ! (CA are stored on the First PAN and seems to be unavailable from PSN to exchange the handshake) - The Application server try to restart but fails indefinitly even if i try to restart the node (on both PSN) - GUI Unavailable - MAB Auth is working - Endpoint and Endpoint Groups menus are missing on the GUI (I push the MAC Address through the ERS API but it is very strange) - Logs indicates one first "Patch success" on PAN and a second "Patch failed" still on PAN :( The task that resolves this issue is to launch the command "patch remove ise 8" on all nodes and everything come back functional. My big interrogation is that on my two other deployment, the patch was successfull and quick to process. Thanks for your help.
... View more