ISE ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz fails

Similar Messages

• Ise-patchbundle-1.1.1.268-1-60802.i386.tar.gz

  Hi all,
  I installed ise-1.1.1.268.i386.iso on a scratch to the new NAC 3315. As i check cisco download mentioned it need to patch following files :
  ise-patchbundle-1.1.1.268-1-60802.i386.tar.gz
  But once try to patch it show like attachment message, is it mean that i no need to do the patching?
  Or is there any instruction need to remove and reinstall for this files.
  please advice, thanks
  Noel

  Yong,
  You can apply this patch from the web-base. This is not the application bundle so don't worry to apply via command-line.
  Cool !!
  But if you make a big change like upgrade the ise application, you should make it via command-line
  application upgrade ise-appbundle-x.x.x.xxx.i386.tar.gz "repository_name"
  But don't forget to set your repository (ftp, ...)
  Cheers !
  Pongsatorn M.

• In ISE (ise-3315) low reliability

  Hello.
  What will happen if ise- 3315 broke one HDD? In ISE low reliability - RAID no. How can a server for security do without RAID?
  How can we improve reliability?

  The best solution is going for the higher appliance or VMware solution for reference kindly see the following details
  Cisco Identity Services Engine Hardware Specifications
  Cisco Identity Services Engine Appliance 3315 (Small)
  Cisco Identity Services Engine Appliance 3355 (Medium)
  Cisco Identity Services Engine Appliance 3395 (Large)
  Processor
  1 x QuadCore Intel Core 2 CPU Q9400 @ 2.66 GHz
  1 x QuadCore Intel Xeon CPU E5504 @ 2.00 GHz
  2 x QuadCore Intel Xeon CPU E5504 @ 2.00 GHz
  Memory
  4 GB
  4 GB
  4 GB
  Hard disk
  2 x 250-GB SATA HDD
  2 x 300-GB SAS drives
  4 x 300-GB SFF SAS drives
  RAID
  No
  Yes (RAID 0)
  Yes (RAID 0+1)
  Removable media
  CD/DVD-ROM drive
  CD/DVD-ROM drive
  CD/DVD-ROM drive
  Network Connectivity
  Ethernet NICs
  4 x Integrated Gigabit NICs
  4 x Integrated Gigabit NICs
  4 x Integrated Gigabit NICs
  10BASE-T cable support
  Cat 3, 4, or 5 unshielded twisted pair (UTP) up to 328 ft (100 m)
  Cat 3, 4, or 5 UTP up to 328 ft (100 m)
  Cat 3, 4, or 5 UTP up to 328 ft (100 m)
  10/100/1000BASE-TX cable support
  Cat 5 UTP up to 328 ft (100 m)
  Cat 5 UTP up to 328 ft (100 m)
  Cat 5 UTP up to 328 ft (100 m)
  Secure Sockets Layer (SSL) accelerator card
  None
  Cavium CN1620-400-NHB-G
  Cavium CN1620-400-NHB-G
  Interfaces
  Serial ports
  1
  1
  1
  USB 2.0 ports
  4 (two front, two rear)
  4 (one front, one internal, two rear)
  4 (one front, one internal, two rear)
  Video ports
  1
  1
  1
  External SCSI ports
  None
  None
  None
  System Unit
  Form factor
  Rack-mount 1 RU
  Rack-mount 1 RU
  Rack-mount 1 RU
  Weight
  28 lb (12.7 kg) fully configured
  35 lb (15.87 kg) fully configured
  35 lb (15.87 kg) fully configured
  Dimensions (H x W x L)
  1.69 x 17.32 x 22 in.
  (43 x 440 x 55.9 mm)
  1.69 x 17.32 x 27.99 in.
  (43 x 42.62 x 711 mm)
  1.69 x 17.32 x 27.99 in.
  (43 x 42.62 x 711 mm)
  Power supply
  350W
  Dual 675W (redundant)
  Dual 675W (redundant)
  Cooling fans
  6; non-hot plug, nonredundant
  9; redundant
  9; redundant
  BTU rating
  1024 BTU/hr (at 300W)
  2661 BTU/hr (at 120V)
  2661 BTU/hr (at 120V)
  Compliance
  FIPS
  Uses FIPS 140-2 Level 1 validated cryptographic modules
  Uses FIPS 140-2 Level 1 validated cryptographic modules
  Uses FIPS 140-2 Level 1 validated cryptographic modules
  Cisco Secure Network Server 3415 (Small) - New
  Cisco Secure Network Server 3495 (Large) - New
  Processor
  1 x Intel Xenon Quad-Core 2.4 GHz E5-2609
  2 x Intel Xenon Quad-Core 2.4 GHz E5-2609
  Memory
  16 GB
  32 GB
  Hard disk
  1 x 600GB 6Gb SAS 10K RPM
  2 x 600GB 6Gb SAS 10K RPM
  RAID
  No
  Yes (RAID 0+1)
  CD/DVD-ROM drive
  No
  No
  Network Connectivity
  Ethernet NICs
  4 x Integrated Gigabit NICs
  4 x Integrated Gigabit NICs
  10/100/1000BASE-TX cable support
  Cat 5 UTP up to 328 ft (100 m)
  Cat 5 UTP up to 328 ft (100 m)
  Secure Sockets Layer (SSL) accelerator card
  None
  Cavium CN1620-400-NHB-G
  Interfaces
  Front Panel Connector
  1 x KVM console connector (supplies 2 USB, 1 VGA, and 1 serial connector)
  1 x KVM console connector (supplies 2 USB, 1 VGA, and 1 serial connector)
  Additional Rear Connectors
  Additional  interfaces including a VGA video port, 2 USB 2.0 ports, an RJ45 serial  port, 1 Gigabit Ethernet management port, and dual 1 Gigabit Ethernet  ports
  Additional  interfaces including a VGA video port, 2 USB 2.0 ports, an RJ45 serial  port, 1 Gigabit Ethernet management port, and dual 1 Gigabit Ethernet  ports
  System Unit
  Form factor
  Rack-mount 1 RU
  Rack-mount 1 RU
  Weight
  35.6 lbs (16.2 kg)
  26.8 lbs (12.1 kg)
  35 lb (15.87 kg) fully configured
  Dimensions (H x W x L)
  1.7 x 16.9 x 28.5 in.
  (4.32 x 43 x 72.4 cm)
  1.7 x 16.9 x 28.5 in.
  (4.32 x 43 x 72.4 cm)
  Power supply
  650W
  Dual 650W (redundant)
  Cooling fans
  5
  5
  Temperature: Operating
  32 to 104°F (0 to 40°C) (operating, sea level, no fan fail, no CPU throttling, turbo mode)
  32 to 104°F (0 to 40°C) (operating, sea level, no fan fail, no CPU throttling, turbo mode)
  Temperature: Nonoperating
  -40 to 158°F (-40 to 70°C)
  -40 to 158°F (-40 to 70°C)
  Compliance
  FIPS
  Uses FIPS 140-2 Level 1 validated cryptographic modules
  Uses FIPS 140-2 Level 1 validated cryptographic modules

• ISE - ISE-1.3.0.876-eval-2.ova login and password

  I downloaded the following ova file, but couldn't find any documentation for login and password.
  ISE-1.3.0.876-eval-2.ova
  - login and password
  Any help will be greatly appreciated. Thanks,

  It's an ova file. When I run it, it shows already installed and asks for a login and password. As mentioned in the download site, it is an evaluation installation for 100 devices. 
  I could not find any document on this file - ISE-1.3.0.876-eval-2.ova.
  Please let me know, if there is any document that provide a login and password for this ova pre-installed software.

• ISE upgrade to version 1.2

  My company ISE is installed into VM, we got a plan to upgrade the ISE form 1.1.1.268 to 1.2. But I read through all the documentation it required VM upgrade from 32 bits to64 bits.
  But I have confused with the VM portion. If my current are 32 bits VM running for 1.1.1.268, am I still able to upgrade using the "application upgrade" command to direct do the upgrade "ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz". What about the VM portion? I should need to manually change the VM from 32 bit to 64 bit or it is done automatically like the message below? Sorry I'm not VM guy and not sure about this portion.
  Generating Database statistics for optimization ....
  - Preparing database for 64 bit migration...
  % NOTICE: The appliance will reboot twice to upgrade software and ADE-OS to 64 bit. During this time progress of the upgrade is visible on console. It could take up to 30 minutes for this to complete.
  Rebooting to do Identity Service Engine upgrade...
  I should be worry about the license and certificate after the upgrade?

  I am not a VM guy either but if you follow the info on the link you should be fine. The tasks that you have outlined are tasks that happen automatically when you run the upgrade procedure. After that process is done, you will have to change the VM settings. So if you have a single ISE node you will need to:
  1. Run the upgrade process
  2. Power off the VM
  3. Adjust in VM Ware:
  - Type of OS (Mandatory)
  - RAM (Optional) - Check ISE's hardware installation guide
  - CPU (Optional) - Check ISE's hardware installation guide
  3. Power the VM back on and then test again
  If you have a distributed deployment then you will have to follow the instructions for that
  The document/link also answers your question about the certificates and license files:
  The upgrade process retains licenses and certificates. You do not have to reinstall or reimport them. Cisco ISE, Release 1.2, supports license files with two-node unique device identifiers (UDIs). You can request for a new license with the UDI of both the primary and secondary Administration nodes. See the Cisco Identity Services Engine Hardware Installation Guide for details.
  Thank you for rating helpful posts!

• ISE upgrade 1.1.4 to 1.2 Fail

  Hi there
  I´m upgrading a distributed enviroment with 2 Administration/monitoring nodes and 2 as a Policy. I´m upgrading from 1.1.4 patch 6 to 1.2.0.899
  I´ve upgraded first the secondary administration node and then the both Policy servers. Now they are already in 1.2 version, but when I´m going to upgrade the primary server (still in v1.1.4) seems as if there where still any server without upgrade.
  es-ise000/admin# application upgrade ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz disk
  Save the current ADE-OS running configuration? (yes/no) [yes] ? yes
  Generating configuration...
  Saved the ADE-OS running configuration to startup successfully
  Initiating Application Upgrade...
  % Warning: Do not use Ctrl-C or close this terminal window until upgrade completes.
  STEP 1: Stopping ISE application...
  % Warning: All secondary nodes should be upgraded and inline posture nodes should be de-registered before upgrading Primay PAP.
  Starting application after rollback...
  % Warning: The node has been reverted back to its pre-upgrade state.
  error: %post(CSCOcpm-os-1.2.0-899.i386) scriptlet failed, exit status 1
  % Application upgrade failed. Please check logs for more details or contact Cisco Technical Assistance Center for support.
  The servers are running in VMWare
  This are the servers already upgraded to 1.2
  This is from the primary administration server, still running 1.1.4
  Any Ideas
  Thanks in advance

  Hi ,
  The final step in the upgrade of ISE 1.2 is to upgrade the primary Administration node to Cisco ISE, Release 1.2.
  If the upgrade is success on this node then this node will be added to the new deployment as  a secondary Administration node. You can promote the secondary  Administration  node to be the primary node in the new  deployment. If you want to retain the secondary Administrative node from old deployment as your primary node, you must  obtain a license that includes the UDI of both the primary and secondary  Administration nodes.
  In case if you want to make your primary Admin node from old deployment as a Primary node in the new ISE 1.2 deployment then just promote the node.
  As you are facing difficulty in upgrading Primary Admin node from ISE 1.1.4 version to ISE 1.2 version you try the following steps.
  -The safest way is to re-image the ISE Primary node es-ise000 to ISE 1.2 version and join to the deployment. Once the node is joined successfully and replication is done , you can safely promote the original primary node es-ise000 as your Primary ISE node in new ISE 1.2 deployment.
  -The other way is to perform reset-config operation on the older Primary node and once it is done perform the upgrade operation and then register it back to the deployment of ISE 1.2 and then promote as Primary node once replication is completed.
  Thanks,
  Naresh

• Cisco ISE-3315-K9 version 1.1.1.268 upgrade to 1.2.0.899

  Hi Dears,
  I have two ISE devices. One of them sofware is 1.1.1.268 and one of them is 1.2.0.899. Now i want upgrade ISE 3315 software   1.1.1268 to 1.2.0.899.
  How can I do that?? Please help me.

  First, Create a repository in the ISE WebGUI by going to Administration > System > Maintenance and clicking Repository on the Left Menu:
  Click the +Add button and then fill out the configuration for the repository:
  Note that my repository name is Upgrade.
  Download the ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz file and place it in the location you configured in your repository.
  Perform a backup of your ISE.
  Install the latest patches for v1.1.1
  Log in to the CLI and issue the following command:
  application upgrade ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz Upgrade
  Wait.
  Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.Charles Moreton

• ISE Upgrade File Copy Error

  According to the Upgrade Guidelines for 1.2:
  Copy the upgrade bundle to the local disk using the copy command from the Cisco ISE CLI: copyftp-filepath ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz disk:/   Again, after you copy the upgrade bundle to the local disk, check to  ensure that the size of the upgrade bundle in your local disk is the  same as it is in the repository. Use the dir command to verify the size of the upgrade bundle in the local disk.
  When I attempt to run this command, I keep getting the error:
  "% long command detected at '^' marker"
  using the following command:
  " copy repository FTPDPZ ise-patchbundle-1.2.0.899-1-82500.x86_64.tar.gz"
  I have also tried to replace the repository + name with an IP address, with just the repository name, and with 100 other things.
  I tried to look up what a "long command" is, but I come up with nothing.
  What is the proper verbage to utilize this command?

  David,
  It figures, doesn't it?  No worries.  The repository system is a confusing one, but it is what we have.  I have found detailed instructions on using it, but they are for the Cisco Prime LMS product.  The process is the same (I used these unstructions when doing my ISE 1.2 Upgrade), just substitute file names as necessary.
  Step 1 Log into the shell and navigate to the location where the upgrade file, lms4_2_3_lnx_k9.zip is stored.
  myhost/admin# shell
  starting shell...
  [myhost/ root-ade ~]
  Note The  login name that appears in the command prompt depends on the login name  entered by the user while installing LMS on VM Console.
  Step 2 Unzip the lms4_2_3_lnx_k9.zip file to extract Cisco_Prime_LAN_Management_Solution_4_2_3.tar.gz.
  [myhost/ root-ade myloc] unzip lms4_2_2_lnx_k9.zip
  Step 3 Copy the Cisco_Prime_LAN_Management_Solution_4_2_3.tar.gz to local disk partition of LMS 4.2.2 installed server (/localdisk).
  Step 4 Log in with your credentials to the VM Console through Vsphere client.
  Step 5 Create either a local or remote repository. A repository contains URL and credential details
  myhost/admin# configure terminal
  myhost/admin(config)# repository <>
  myhost/admin(config-Repository)# url ?
    Enter repository URL, including server and path info (Max Size - 80)
  cdrom:  Local CD-ROM drive (read only)
  disk:   Local storage
  ftp:    URL using a FTP server
  http:   URL using a HTTP server (read only)
  https:  URL using a HTTPS server (read only)
  nfs:    URL using a NFS server
  sftp:   URL using a SFTP server
  tftp:   URL using a TFTP server
  Step 6 Combine the URL to the repository that uses a local or remote storage.
  a. The following IOS CLI shows how to combine the URL to a repository that uses a local storage:
  myhost/admin(config-Repository)# url disk:
  myhost/admin(config-Repository)# exit
  myhost/admin(config)# exit
  myhost/admin# write mem
  Generating configuration...
  myhost/admin#
  b. The following IOS CLI shows how to combine the URL to a repository that uses an anonymous FTP server:
  myhost/admin(config-Repository)# url ftp://<>
  myhost/admin(config-Repository)# user <> password plain <>
  myhost/admin(config-Repository)# exit
  myhost/admin(config)# exit
  myhost/admin# write mem
  Generating configuration...
  myhost/admin#
  You can use the above mentioned steps for other protocols.
  Step 7 Run the below command in the VM console in VSphere client.
  myhost/admin# application upgrade Cisco_Prime_LAN_Management_Solution_4_2_3.tar.gz <>
  Save the ADE-OS running configuration? (yes/no) [yes]?
  Step 8 Press Enter to continue with LMS 4.2.3 upgrade.
  An Application upgrade successful message appears.
  Here is the doc that contains these instructions:
  http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2.3/release/notes/lms4_2_3_release_notes.html#wp1183869

• Why can't I ftp files from my workstation to ISE?

  Hello,
  I get this message when I try to upload the ISE 1.2 upgrade files to my ISE nodes local disk...
  ISE-01/admin# Copy ftp://<my_workstation_IP_Address>/ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz. disk:/
  Username: rsundstrom
  Password:
  % Error: Transfer failed
  When I enter the 'dir' command at the ISE CLI the filename appears but the the file size is 0 (zero).
  I am trying to follow the guidelines for upgrading to V. 1.2. Placing the upgrade files on the ISE local disk is considered to be important.
  Any ideas?

  Robert,
  I was having major issues with attempting to transfer update files to ISE via FTP as well.  After trying numerous things, adn slamming my head into a wall for days, I was able to figure out the answer with a combination of a little guidance from here mixed with "Trial and Error" on my part.
  You can view the entire topic here:
  https://supportforums.cisco.com/message/4064096#4064096
  The copy string that finally worked for me is as follows:
  copy ftp://(username):(password)@(FTP Server IP Address)/ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz disk:/
  There REALLY needs to be updated documentation that explans in better detail the FTP copy commands that Cisco allows on the ISE servers, as well as the syntax.

• Cisco ise Repository not found

  I have a standalone ISE node, which is being stubborn about an upgrade...
  The docs say this should work, but I'm getting an error...
  ISE-01/admin# application upgrade ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz disk
  Save the current ADE-OS running configuration? (yes/no) [yes] ? yes
  Generating configuration...
  Saved the ADE-OS running configuration to startup successfully
  Initiating Application Upgrade...
  % Repository not found
  ISE-01/admin#

  Important Notes To Read Before You Upgrade
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/upgrade_guide/b_ise_upgrade_guide/b_ise_upgrade_guide_chapter_01.html#ID50

• Upgrade ISE 1.1.X

  Hi
  I have ISE 3315-K9 version 1.1.1.268
  I need to upgrade to version 1.2
  I read this post where he explain how to move from 1.1.3 patch 3 to 1.2
  https://supportforums.cisco.com/community/netpro/security/aaa/blog/2013/07/19/upgrading-to-identity-services-engine-ise-12
  But I would like to know how to upgrade 1.1.1.268 to 1.1.3 patch 3
  Thanks in advance for your help

  You can download ise-appbundle-1.1.3.124.i386.tar.gz to upgrade to 1.1.3 and the apply the latest patch for 1.1.3 (patch 8).
  Or you can apply the latest patch to your version 1.1.1 (patch 7) and then use this file ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz to upgrade to 1.2 directly.
  First, you have to have an FTP server (easiest to configure) and then configure a repository on the ISE.  the easiest way is therough the WebGUI by going to Administration > Maintenance and clicking on Repository on the left side menu.
  Click Add. Fill out the configuration for the FTP Server and click Submit.
  Then go to Administration > Backup & Restore and be sure to perform at least a Configuration Backup.
  Log in to the CLI in enable mode.
  Enter this command:
  application upgrade ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz <> (this is the name you set up for the repository created above)
  Your ISE WILL reboot.
  Once this is complete, log back in to the WebGUI and verify the install.  You can then go to Administration > Maintenance and choose Patch Management from the left menu to upload and install Patch 3 to the v1.2 install.
  Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
  Charles Moreton

• How do I enable "Host-key" for my sftp server on ISE?

  Hello,
  I am having trouble copying my ISE 1.2 upgrade files to my local repositories.
  Here is a cut and paste from my CLI on one of my ISE nodes after attemtping to copy from my workstation (running an SFTP server) to one of my ISE nodes.
  XXX-ise-01/admin# Copy sftp://<My_SFTP_Server_IP_Address>/ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz. disk:/
  Username: Admin
  Password:
  % ERROR : Backup failed due to one of the following reasons
  1. host-key option is not configured
  2. host key is removed because of re-image
  3. host key is removed from some other repository having same ip/hostname
  % Please reconfigure the host-key option
  % Error: Transfer failed
  I have not configured anything with the "Host-Key" option.
  I have googled and searched but can only find limited references to the "Host-key" command within Cisco. I have tried various forms of this on the ISE node with no luck.
  I tried an FTP transfer but that did not work.
  Any ideas?

  I was wondering why the last character is capitalized. Also are you able to copy files from the disk file over to the same repository. I havent had any problems and I see in a seperate thread that the user gave other directions on how to transfer the file.
  If you can open two ssh connection and try to run the following command to tail the logs:
  "show logging system ade/ADE.log tail"
  You should get some messaging behind the error you are receiving, for example I went to look for a file that did not exist (even though I am using ftp you should get the same error).
  Here is when the transfer fails:
  2014-01-02T13:41:22.506519-06:00 ise01 ADE-SERVICE[4786]: [30325]:[info] transfe
  r: cars_xfer.c[264] [tadmani]: ftp copy in of ftp://172.16.249.1/test requested
  2014-01-02T13:41:22.522470-06:00 ise01 ADE-SERVICE[4786]: [30325]:[error] transf
  er: cars_xfer_util.c[349] [tadmani]: curl error: FTP: couldn't retrieve (RETR fa
  iled) the specified file
  2014-01-02T13:41:22.523040-06:00 ise01 ADE-SERVICE[4786]: [30325]:[error] copy:
  cm_copy.c[1144] [tadmani]: local file disk:/ transfer from url ftp://172.16.249.
  1/test failed retcode=-302
  2014-01-02T13:41:22.527148-06:00 ise01 ADEOSShell[30325]: ADEAUDIT 3017, type=CO
  PY, name=COPY IN FILE FAILED, username=tadmani, cause=Error while copying file f
  rom remote system, adminipaddress=172.16.247.12, interface=CLI, detail=Disk file
  disk:/ transfer from url ftp://172.16.249.1/test failed
  Here is when login fails:
  curl error: FTP: login denied
  Here is some logging around a successful transfer -
  2014-01-02T13:44:46.897499-06:00 ise01 ADE-SERVICE[4786]: [30766]:[info] transfe
  r: cars_xfer.c[264] [tadmani]: ftp copy in of ftp://172.16.249.1/running-config
  requested
  2014-01-02T13:44:46.934972-06:00 ise01 ADEOSShell[30766]: ADEAUDIT 2042, type=CO
  PY, name=COPY FILE, username=tadmani, cause=Copied a file, adminipaddress=172.16
  .247.12, interface=CLI, detail=Copied disk file disk:/ from url ftp://172.16.249
  .1/running-config successfully
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• Another kind of error, upgrading Cisco ISE 1.1.4patch3 to 1.2

  I'm failing to upgrade our distributed ISE environment of 3 nodes.
  Using ise-upgradebundle-1.1.x-to-1.2.0.899.i386.gz, MD5 sum is verified.
  All nodes are running 1.1.4 patch 3 and the cluster is in sync.
  Trying to upgrade secondary admin node first and get this error:
  Save the current ADE-OS running configuration? (yes/no) [yes] ?
  Generating configuration...
  Saved the ADE-OS running configuration to startup successfully
  Initiating Application Upgrade...
  % Warning: Do not use Ctrl-C or close this terminal window until upgrade completes.
  STEP 1: Stopping ISE application...
  STEP 2: De-registering node from current deployment.
  % Error: De-registering node from current deployment failed.
  Starting application after rollback...
  % Warning: Do the following steps to revert node to its pre-upgrade state.
  -Ensure that node is still present in current deployment from Primary UI, if not present register this node back again.
  error: %post(CSCOcpm-os-1.2.0-899.i386) scriptlet failed, exit status 1

  Upgrading a Distributed Deployment to Cisco ISE, Release 1.2
  http://www.cisco.com/en/US/docs/security/ise/1.2/upgrade_guide/b_ise_upgrade_guide_chapter_011.html
  States that
  Before You Begin
  If  you do not have a secondary Administration node in the deployment,  configure one Policy Service node to be the secondary Administration  node before beginning the upgrade process.
  Upgrade the secondary Administration node  from the CLI.
  The  upgrade process automatically deregisters Node Secondary Admin Node from the deployment  and upgrades it to Release 1.2. Node Secondary Admin Node becomes the primary node of the  new deployment when it restarts. Because each deployment requires at  least one Monitoring node, the upgrade process enables the Monitoring  persona on Node B even if it was not enabled on this node in the old  deployment. If the Policy Service persona was enabled on Node B in the  old deployment, this configuration is retained after upgrading  to t

• ISE 1.2.0 - Issue with Posture

  Hi Experts,
  I installed ISE 1.2.0.899 Patch 3. While testing, we found the below.
  1) Authentication Suceeded
  2) Redirection to NAC Agent Page is happening
  3) NAC Version 4.9.4.3 (latest) is getting downloaded.
  4) Status in ISE is shown as 'Pending' and stays the same.
  Even i tried changing the NAC agent version to 4.9.0.42. But stuck in Pending status only.
  Is there any solution for this..? do i need to apply patch or version..?
  Thanks in advance.

  Instructions for Upgrading to Cisco ISE, Release 1.2.1
  You can upgrade to Cisco ISE, Release 1.2.1 directly from any of the following releases:
  Cisco ISE, Release 1.1.0.665 with patch 5 or later
  Cisco ISE, Release 1.1.1.268 with patch 7 or later
  Cisco ISE, Release 1.1.2 with patch 10 or later
  Cisco ISE, Release 1.1.3 with patch 11 or later
  Cisco ISE, Release 1.1.4 with patch 11 or later
  Cisco ISE, Release 1.2.0.899 with patch 8 or later
  The process for upgrading to Release 1.2.1 is the same as upgrading to Release 1.2. The system reboots twice when you upgrade from Release 1.1.x to 1.2.1 because it involves a 32-bit to 64-bit system upgrade, but only once when you upgrade from Release 1.2.x to 1.2.1 because Release 1.2 is a 64-bit system.
  The application upgrade command is enhanced and includes the cleanup, prepare, and proceed options. You can use:
  Cleanup—To clean a previously prepared upgrade bundle on a node locally. You can use this option if:
  The application upgrade prepare command was interrupted for some reason
  The application upgrade prepare command was run with an incorrect upgrade bundle
  The upgrade failed for some reason
  Prepare—To download and extract an upgrade bundle locally. You can use this command followed by the application upgrade proceed command.
  Proceed—To upgrade Cisco ISE using the upgrade bundle you extracted with the prepare option. You can use this option after preparing an upgrade bundle instead of using the application upgrade ise-upgradebundle-1.2-to-1.2.1.xxx.i386.tar.gz remote-repository command.
  If upgrade is successful, this option removes the upgrade bundle.
  If upgrade fails for any reason, this option retains the upgrade bundle.
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/upgrade_guide/b_ise_upgrade_guide/b_ise_upgrade_guide_chapter_01.html#reference_4FF9C8C761A0456E8A94A7B307A603F5

• ISE 1.2.1 Install guide

  Anyone have a link to instructions on how to upgrade ISE 1.2 (patch 8) to 1.2.1? The release notes don't mention a new process and the old process gives a SHA error.

  Use the proceed option to upgrade Cisco ISE using the upgrade bundle you extracted with the prepare option. You can use this option after preparing an upgrade bundle instead of using the application upgrade < ise-upgradebundle-1.2-to-1.2.1.xxx.i386.tar.gz > < remote-repository>.
  1. If upgrade is successful, this option removes the upgrade bundle.
  2. If upgrade fails for any reason, this option retains the upgrade bundle.
  3. If you issue the application upgrade command when another application upgrade operation is in progress, you will see the following warning message:
  An existing application install, remove, or upgrade is in progress. Try again shortly.
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/cli_ref_guide/ise_cli/ise_cli_app_a.html