Plan your time accordingly and verify this prior to the upgrade. You will need to shutdown ISE node again. Now when VM is up to proper version under Edit VM settings > VM Options change Guest OS to RHEL 7 (64-bit). Once done, it is good practice to start node back up for changes to propagate. To upgrade your VM you will need to turn it off and upgrade under Compatibility menu option. VM version needs to be VM10 otherwise, RHEL7 will not be available from a drop down menu. Upgrade the Virtual Machine (VM) OS to RHEL7. Now, once you have a working replica of production system we get on with the upgrade. Overall, restore process was very intuitive and as long as you follow Cisco guidance recovery from failure will be a success. To fix this issue re-import Internal CA store or regenerate Root CA on ISE under Administration > System > Certificates > Certificate Signing Requests > ISE Root CA. However, if you are using ISE internal CA for BYOD certificates provisioning you will need to import Internal CA store, otherwise you will get this error during authentication and BYOD flow may fail. Clients with certificates provisioned through MS SCEP did connect successfully after the restore (assuming you are using wildcard System Certificates issued by MS CA and they were re-imported successfully). One thing I noticed is if you are using external CA for certificate management there is no need to import Internal CA store. If you are building a test/lab system do not forget to rename sponsor and mydevices shortcuts after the restore as it will continue to reference production portals. In a testing environment, where hostnames will be different, you will need to regenerate Root CA on ISE as discussed further.Īfter the upgrade when importing certificate for portals you may get this cosmetic error so just ignore it and certificate should install anyway. Keep hostnames the same otherwise you can not re-import Internal CA store and you will get a validation error. Once passwords matched I was able to login to GUI after the restore. Changing password on CLI with application reset-passwd ise admin did not help so I had to reset config. I had a different password and after restoring from backup GUI login did not work. Make sure new nodes have the same Web UI admin login. This post is about my findings and lessons learned.įirst of all, before restoring from backup verify and match ISE OS and patch versions. This way I had a chance to run through restore steps and test upgrade process. In preparation for Identity Services Engine (ISE) 2.1 upgrade, I’ve replicated production environment in order to validate upgrade functionality.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |