ISE 1.0.4 backup

Hi All,
I have taken backup on ISE  version 1.0.4 application data. When I am restoring it on 1.1.0, it says as below
7 [13168]: backup-restore:history: br_history.c[310] [admin]: added record to history
% The backup file decryption failed. Ensure that you are providing password used at the time of backup.
6 [13168]: backup-restore:restore: br_cli.c[843] [admin]: error message: The backup file decryption failed. Ensure that you are providing password used at the time of backup.
But there is no password I have specified when taking backup in 1.0.4. Can anyone please advise if I am missing something?
Thanks

you need to enter a encryption key when you create a back up

Similar Messages

  • ISE 1.2 scheduled backup not working

    Hi all,
    I have clean installation of ISE 1.2 (HA) Patch1  and tried to create scheduled backup from GUI. I can create it without problems but it does not start.
    I have created manual backups which are working fine, so there is no problem with FTP server. I have checked CLI and there is no kron job in CLI as I would expect it from version 1.1.x.
    Any idea or do you think its TAC case?
    Thanks,
    ML           

    There is known defect whereby if the timezone has more than 3 characters. Could you please check the timezone on the ISE CLI with "show timezone"
    CSCui44324    ISE 1.2 scheduled backup can't be configured
    Symptom:
    Backup task can't be configured in ISE 1.2 UI
    Conditions:
    Install/Upgrade ISE to v.1.2
    Login via GUI and try configure backup task under "Administration -> System -> Backup and restore".
    ISE timezone shortname is more than 3 characters (e.g. CEST).
    Workaround:
    N/A
    Further Problem Description:
    Looks like patch 2 would fix this defect.
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

  • Cisco ISE 1.2 - NFS Backup

    I'm trying to use NFS to backup Cisco ISE on a schedule but I'm having difficulty.  I'm not sure what the settings should be or the proper syntax.          

    Hello David,
    Please share your ISE running configuration to find and verify syntex.
    Source or destination URL for an NFS network server. Use url nfs://server:path1.
    Server is the server name and path refers to /subdir/subsubdir. Remember that a colon (:) is required after the server for an NFS network server.
    Also please reverify below required format:
    The path must be valid and must exist at the time you create the repository. The following three fields are required depending on the protocol that you have chosen.
    –ServerName—(Required for TFTP, HTTP, HTTPS, FTP, SFTP, and NFS) Enter the hostname or IPv4 address of the server where you want to create the repository.
    –Username—(Required for FTP, SFTP, and NFS) Enter the username that has write permission to the specified server. Only alphanumeric characters are allowed.
    –Password—(Required for FTP, SFTP, and NFS) Enter the password that will be used to access the specified server. Passwords can consist of the following characters: 0 through 9, a through z, A through Z, -, ., |, @, #,$, %, ^, &, *, (, ), +, and =.

  • ISE backup not working while using tftp

    I have configured a repository on ISE admin node to use tftp for taking backups.
    repository master
      url tftp://<IP>
    I initiate backup on demand to use the defined repository and specify Application-only backup. After sometime, I see success on ISE node and "show backup history" also shows success
    ise/admin#    sh backup history
    Thu Sep 27 06:12:43 UTC 2012: backup backup1-120927-060253.tar.gpg to repository master: success
    Thu Sep 27 07:31:56 UTC 2012: backup backup1-120927-072227.tar.gpg to repository master: success
    However, when I check on tftp server, I see nothing. No files with names backup1-120927-060253.tar.gpg or backup1-120927-072227.tar.gpg...Has anybody else seen similar issue? Is there a bug with tftp server backup on ISE nodes?
    Thanks,
    Kashish

    Kashish,
    Can you try moving a small file over to the tftp server? Check the directory of the local disk and issue a a copy disk:/file tftp:/path.
    See if that moves a file over. I havent personally used tftp I always use ftp.
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • ISE ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz fails

    Hi, folks.
    Anyone here who used "ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz" to upgrade his/hers ISE distributed deployment successfully ???
    I have tried it, using the procedure described in the Cisco ISE Upgrade Guide 1.2, it already fails at Step 1: Upgrading the secondary Administration Node first:
    - Data upgrade step 26/80, GuestUpgradeService(1.2.0.319)... Done in 0 seconds.
    - Data upgrade step 27/80, ProfilerUpgradeService(1.2.0.319)... Done in 6 seconds.
    - Data upgrade step 28/80, NetworkAccessUpgrade(1.2.0.326)... Done in 0 seconds.
    - Data upgrade step 29/80, GuestUpgradeService(1.2.0.341)... Done in 4 seconds.
    - Data upgrade step 30/80, NSFUpgradeService(1.2.0.344)... Done in 0 seconds.
    - Data upgrade step 31/80, RBACUpgradeService(1.2.0.344)... .Done in 96 seconds.
    - Data upgrade step 32/80, NSFUpgradeService(1.2.0.349)... Done in 0 seconds.
    - Data upgrade step 33/80, AuthzUpgradeService(1.2.0.351)... Done in 0 seconds.
    - Data upgrade step 34/80, RegisterPostureTypes(1.2.0.363)... ..........................Failed.
    Rolling back the configuration database...
    Starting application after rollback...
    % Warning: Do the following steps to revert node to its pre-upgrade state.
    -Register this node back to old Primary
    error: %post(CSCOcpm-os-1.2.0-899.i386) scriptlet failed, exit status 1
    % Application upgrade failed. Please check logs for more details or contact Cisco Technical Assistance Center for support.
    The running version is 1.1.4 with latest patch:
    Cisco Application Deployment Engine OS Release: 2.0
    ADE-OS Build Version: 2.0.4.120
    ADE-OS System Architecture: i386
    Copyright (c) 2005-2011 by Cisco Systems, Inc.
    All rights reserved.
    Hostname: ise-worf
    Version information of installed applications
    Cisco Identity Services Engine
    Version      : 1.1.4.218
    Build Date   : Wed Apr 10 22:20:22 2013
    Install Date : Fri May  3 19:16:05 2013
    Cisco Identity Services Engine Patch
    Version      : 1
    Install Date : Wed May 29 08:16:58 2013
    Cisco Identity Services Engine Patch
    Version      : 2
    Install Date : Mon Jun 10 05:29:21 2013
    Cisco Identity Services Engine Patch
    Version      : 3
    Install Date : Wed Jul 17 08:45:02 2013  
    The script tells me to check the logs ... but for what ??? Local log file (sh logg) is packed with errors (java, eap, cert ...) .......
    Contacting TAC for support is no option, because this is a test deployment only .....
    The same thing also happens, when I switch both Admin nodes (switch the primary to secondary) and try to upgrade the "new" secondary ..
    Any ideas ???

    Frank,
    There is a known defect CSCui58123 for this issue and here is the workaround to fix this issue and upgrade to go smooth.
    In the below patch please check your requirement policy's conditions and set the valid condition for the policy which has "Select Conditions" option as shown below.
    Policy > Policy Elements > Results > Posture > Requirements
    The requirement policy has a condition that is not set.  Shows "Select Conditions"
    Even if you do a fresh install and restore the ISE 1.1.4 backup to ISE 1.2 you are prone to hit this issue. As this is related to data , the upgrade model of the data is one and the same when you restore the ISE 1.1.4 data backup to ISE 1.2 and when you trigger the upgrade on ISE 1.1.4.

  • ISE version 1.2 patch-5 backup schedules

    Hi,
    I have ISE version 1.2 patch 5 and I have scheduled a backup every day @3am EST. 
    Now I would like to delete that backup schedule.  I know how to disable the backup but I would like to delete it completely.  In other words, I do not want to see it everytime I log into the WebUI Administration --> backup & restore.
    Is it possible?       

    At this time, you can only disable the scheduled backups, you cannot delete them.  I know that enhancements to the sceduled backup are scheduled for 1.2.1 and hope that this is one of them.
    Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
    Charles Moreton

  • ISE Config Backup Failure - Data filesystem full above threshold

    Hi,
    Both the config and operational backups were working until earlier last month. Now the config backup is failing with the following error. No configuration or repository settings were changed.
    ISE 1.2.0.899 Patch 8 - Clustered with persona Node 1 = PAN, SMN, PSN .... Node 2 = SAN, PMN, PSN
    CLI history says the same:
    The local repository (disk:/) is looking good. The "/" filesystem is taking 77% space.
    Although it may not be relevant. Data Purging is set to 30 days in the GUI and Operations -> Reports -> Data Purging Audit indicates its running daily with success i.e. threshold_space = 80GB, used_space = 3GB.
    Is there a way to clean "/" filesystem ? It is filling up by roughly 1% every 5 days ? Note: the same on Node 2 is only 24% full.
    Any ideas on how to get the config backup issue resolved ?
    P.S. If images don't appear inline, please see the attachment
    Thanks,
    Rick.

    922963 wrote:
    Hi JK,
    Thanks for response. Yes, I am worried that it may not be enough. How about if I increase memory to 32GB, ie. I have two servers, both with 32GB? Will it be sufficient in case of one physical server fail for 8GB data?
    What is the point in having the 3rd physical box if two boxes have enough memory/capacity? You know, we need to pay licence according to no of CPU.
    thanks,
    HenryHi Henry,
    actually the recommended minimum number of physical boxes is 4 so that the witness protocol participants can all be on separate machines.
    But a minimum of 3 is highly recommended for a number of reasons related to partitioning:
    1. If you have only 2, then you are much more vulnerable to split brain scenarios (should for some reason the two servers not be able to communicate with each other, it is harder to decide which half should be the winner). In short how do you decide which box is unable to communicate with the rest of the cluster if there are only 2 boxes?
    2. You can't ensure a balanced and also machine safe partition distribution if you have a mismatching number of nodes on only 2 boxes. It would either be balanced or machine safe, but you can't get both at the same time. And you will either have mismatching number of nodes at startup or have mismatching number of nodes after one node failure.
    Best regards,
    Robert

  • ISE 1.3 Rollback and ISE 1.2 Backup

    Hi All,
    I am curious to know about following related to ISE
    1) ISE 1.3
        Once we installed ise 1.3, can we rollback to ise 1.2.0 or do we need to re-image it
    2) ISE 1.2
        If I take backup of ise 1.2.0, will it include backup of certificates also ?
    Please do share your views..
    Thanks,
    Aditya

    Hi cciesec2011,
    thanks for reply.
    I am curious about backup of ise 1.2 and certificates. can you share any link/document related to this.
    Thanks,
    Aditya

  • ISE 1.2 backup restore questions

    Hi all,
    I have been looking at the backup and restore procedure for ISE deployments and have to say I have found the documentation to be somewhat confusing in general. Whilst I get the gist of it I have found numerous areas that are grey. This question is the first of many but here we go.
    http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_backup.html#pgfId-1073378
    Based on that link to restore a failed primary admin node I am left wondering about the state of the licensing. In a deployment that has the licensing configured to utilise the UDIs of the primary and secondary node what happens after you have rebuilt the primary from the ground up?
    As far as I am aware when you run up a new node the UDI changes meaning that the license detail is no longer correct - how does this affect the rebuilt node becoming primary again and do you have to rehost the license to reflect the new UDI?

    Another question I have is about the restoration of monitoring data to a primary monitoring node that has temporarily failed. As per documentation it states that a manual backup should be taken from the secondary node and restored to the primary to essentially provide the missing events during the outage. I have a couple of questions about this process:
    1. What happens when the primary monitoring comes back online - does it sync up with the secondary monitoring node effectively overwriting the events the secondary has or does it just continue on its merry way?
    2. To restore data to the primary monitoring node do you need to de-register the primary before restoring the backup taken from the secondary and re-join it to the deployment or do you just restore from the primary admin GUI? As far as I can see this still means that there will be a hole in the data for the period of time it takes to restore from backup.

  • ISE 1.3 or Prime 2.1 NFS Backup to Synology NAS

    Hello,
    I have try this week to Backup the ISE and Prime to a Synology NAS.
    Since a time i´m sure that the configuration on ISE an Prime are ok also DNS an Ping are ok.
    The staging url is nfs://<servername>.it.lokal:/volume1/CiscoBackup/
    The debug on both shows me an mount problem.
    Username an password is correct configured.
    Have anybody a idea to solve this problem.
    Thanks!

    Hi cciesec2011,
    thanks for reply.
    I am curious about backup of ise 1.2 and certificates. can you share any link/document related to this.
    Thanks,
    Aditya

  • Cisco ISE Monitoring node backup size

    Hello All,
    We have a HA pair of ISE servers that have scheduled backups configured for the Admin persona (currently full weekly backup) and monitoring which is full weekly but with the addtional incremental daily backups. I've not seen any issue with the full weekly backup of the admin node however the monitor one provides unusual results in terms of file size between weekly and incremental backups.
    Given the fact that we are currently piloting this with very little radius activity i'm curious as to how the daily backups can be bigger in filesize than the weekly?
    The ISE is a ISE-3315-K9 running 1.1.3.124 and below are some examples
    -rw-r--r-- 1 tsmbackup tsmbackup 502960384 Apr 21 07:08 mntincr_1_<removed>.tar.gpg (Incremental backup)
    -rw-r--r-- 1 tsmbackup tsmbackup 459348307 Apr 21 01:04 mntdbfull_<removed>.tar.gpg (Full backup)
    Thanks in advance for any suggestions.
    M

    Hi,
    This could possibly due to ‘Data Purging’. When a purge operation triggers, if the actual used database disk space is greater than the configured threshold, the purge operation removes all data from the Monitoring database tables prior to the data retention window.
    Following link might help in your case,
    http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_mnt.html#wp1074687

  • ISE Backup Issue

    Hi,
    I've initiated a Full on demand Backup of my Administration node yet nearly 24 hours later I've still got nothing in teh Backup History and when checking the logs I can this message pretty much every hour on the hour
    Exiting DB cleanup as ISE backup or restore is in progress
    I've tried to view the Repository via the CLI interface and the command hangs as does the Write Memory command.
    Does anyone know how to kill the Backup process or if this behaviour is normal?
    Thanks
    Jason

    Hi Jason !
    Due to the size of the Monitoring database, the backup process can take a while to complete. To save
    time, you can perform incremental backups, after first completing an initial full database backup. A
    recommended step, purging unwanted data during the backup process permanently deletes data from the
    database, and can be configured as an automatic process.
    More over please do the following in CLI application status ise, application stop ise, application start ise.

  • ISE: how to use/analyze monitoring backups

    Is there a tool or any instructions on how to view/analyze the data contained in the scheduled monitoring Backups? (filename.tar.gpg),
    I have tryed to decrypt it with gpg4win but the operation result is an empty folder...
    thanks in advance

    These are the types of back up that are possible in the ISE device.
    For more information  please go to the link pasted below.
    http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_backup.html#wpxref35325
    •On-Demand Backup Settings
    •Cisco ISE Admin Groups, Access Levels, Permissions, and Restrictions
    •Backup and Restore Repositories
    •Scheduling a Backup
    •Performing a Backup from the CLI
    •Backup History
    •Backup Failures

  • ISE Application backup error

    Getting this error while taking Cisco ISE backup.
    Has anyone seen this?What is the solution? Tried with tftp/sftp repositories.
    Thanks.

    Looks like you're trying to take FULL backup.
    What kind of deployment you've? I think you have primary PAP and Primary Mnt on the same node.
    Please do "show disk" for checking up the space and "show backup history"
    Can you download from the GUI the following three log files and send them to me:
    Ise-psc.log
    Catalina.out
    ADE.log
    Let me know if you have any query.
    Jatin Katyal
    - Do rate helpful posts -

  • Taking Backup of Cisco Identity Service Engine (ISE)

    Hello
    I would like to know about taking backup of Cisco ISE.
    What are the things I can take backup of ?
    Thanks

    Backup Data Type
    Cisco ISE allows you to back up data from the primary or standalone Administration node and from the Monitoring node. Backup can be done from the CLI or user interface.
    Cisco ISE allows you to back up the following type of data:
    Configuration data—Contains both application-specific and Cisco ADE operating system configuration data.
    Operational Data—Contains monitoring and troubleshooting data.
    Restore operation, can be performed with the backup files of previous versions of Cisco ISE and restored on a later version. For example, if you have a backup from an ISE node from Cisco ISE, Release 1.2, you can restore it on Cisco ISE, Release 1.3.
    http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01100.html#reference_4F69987D3294499E95C1B652C4D1E73D

Maybe you are looking for

  • ABAP and Java mapping

    Wanted to confirm my understaing for ABAP and JAVA mapping. Am I correct in my assumption that these mapping techniques can be used only if input and ouput is in XML format ? So if XI is receiving a flat comma separated text/non-XML file or an IDOC f

  • Update statement issue

    Whenever I join two tables in update statement following error occures ,However all columns exist update bio1 set appl_uid = demdata.appl_uid where bio1.cnic = demdata.cnic ora-00904 demdataid.cnic invalid indentifier

  • Item/lot Reservation against blanket sales agreement

    Hi all. my client has a requirement (in warehousing environment 11.5.10 CU2) to reserve the entire lot for a customer (preferably against a blanket sales agreement) and release the BSA in small quantities over a period of time. The lot is has to be r

  • "moving point" pen tool bug

    Whenever i'm trying to draw a shape with the pen tool, the beginning pint will move or float away from the start point. Any idea why this happens?

  • Can't start to download flash player

    GRR!!! Every time i try to download the new flash player a quote mark goes in the corner. I see that the player is on my computer when i go to add or remove programs but i can't seem to run it!! i enabled all my activeX stuff. Im desperate my compute