Ise-patchbundle-1.1.1.268-1-60802.i386.tar.gz

Hi all,
I installed ise-1.1.1.268.i386.iso on a scratch to the new NAC 3315. As i check cisco download mentioned it need to patch following files :
ise-patchbundle-1.1.1.268-1-60802.i386.tar.gz
But once try to patch it show like attachment message, is it mean that i no need to do the patching?
Or is there any instruction need to remove and reinstall for this files.
please advice, thanks
Noel

Yong,
You can apply this patch from the web-base. This is not the application bundle so don't worry to apply via command-line.
Cool !!
But if you make a big change like upgrade the ise application, you should make it via command-line
application upgrade ise-appbundle-x.x.x.xxx.i386.tar.gz "repository_name"
But don't forget to set your repository (ftp, ...)
Cheers !
Pongsatorn M.

Similar Messages

ISE ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz fails

Hi, folks.
Anyone here who used "ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz" to upgrade his/hers ISE distributed deployment successfully ???
I have tried it, using the procedure described in the Cisco ISE Upgrade Guide 1.2, it already fails at Step 1: Upgrading the secondary Administration Node first:
- Data upgrade step 26/80, GuestUpgradeService(1.2.0.319)... Done in 0 seconds.
- Data upgrade step 27/80, ProfilerUpgradeService(1.2.0.319)... Done in 6 seconds.
- Data upgrade step 28/80, NetworkAccessUpgrade(1.2.0.326)... Done in 0 seconds.
- Data upgrade step 29/80, GuestUpgradeService(1.2.0.341)... Done in 4 seconds.
- Data upgrade step 30/80, NSFUpgradeService(1.2.0.344)... Done in 0 seconds.
- Data upgrade step 31/80, RBACUpgradeService(1.2.0.344)... .Done in 96 seconds.
- Data upgrade step 32/80, NSFUpgradeService(1.2.0.349)... Done in 0 seconds.
- Data upgrade step 33/80, AuthzUpgradeService(1.2.0.351)... Done in 0 seconds.
- Data upgrade step 34/80, RegisterPostureTypes(1.2.0.363)... ..........................Failed.
Rolling back the configuration database...
Starting application after rollback...
% Warning: Do the following steps to revert node to its pre-upgrade state.
-Register this node back to old Primary
error: %post(CSCOcpm-os-1.2.0-899.i386) scriptlet failed, exit status 1
% Application upgrade failed. Please check logs for more details or contact Cisco Technical Assistance Center for support.
The running version is 1.1.4 with latest patch:
Cisco Application Deployment Engine OS Release: 2.0
ADE-OS Build Version: 2.0.4.120
ADE-OS System Architecture: i386
Copyright (c) 2005-2011 by Cisco Systems, Inc.
All rights reserved.
Hostname: ise-worf
Version information of installed applications
Cisco Identity Services Engine
Version      : 1.1.4.218
Build Date   : Wed Apr 10 22:20:22 2013
Install Date : Fri May 3 19:16:05 2013
Cisco Identity Services Engine Patch
Version      : 1
Install Date : Wed May 29 08:16:58 2013
Cisco Identity Services Engine Patch
Version      : 2
Install Date : Mon Jun 10 05:29:21 2013
Cisco Identity Services Engine Patch
Version      : 3
Install Date : Wed Jul 17 08:45:02 2013
The script tells me to check the logs ... but for what ??? Local log file (sh logg) is packed with errors (java, eap, cert ...) .......
Contacting TAC for support is no option, because this is a test deployment only .....
The same thing also happens, when I switch both Admin nodes (switch the primary to secondary) and try to upgrade the "new" secondary ..
Any ideas ???

Frank,
There is a known defect CSCui58123 for this issue and here is the workaround to fix this issue and upgrade to go smooth.
In the below patch please check your requirement policy's conditions and set the valid condition for the policy which has "Select Conditions" option as shown below.
Policy > Policy Elements > Results > Posture > Requirements
The requirement policy has a condition that is not set. Shows "Select Conditions"
Even if you do a fresh install and restore the ISE 1.1.4 backup to ISE 1.2 you are prone to hit this issue. As this is related to data , the upgrade model of the data is one and the same when you restore the ISE 1.1.4 data backup to ISE 1.2 and when you trigger the upgrade on ISE 1.1.4.

ISE 1.1.1 Patch 1 - Manifest.xml not found

Hi, guys.
Anyone already installed ISE 1.1.1 patch "ise-patchbundle-1.1.1.268-1-60802.i386.tar.gz" successfully ??
When trying to install it via gui, ise tells me that "manifest.xml" is not found in the archive ...
But when I open the archive, the file is in it, I can extract all files without error.
After doing some checking, I found out that the md5 hash and the filesize of the file I downloaded
are different ...
Filesize and hash on cisco.com:
Filesize and hash of downloaded file:
Any ideas, what could be wrong ???
Rg
Frank

Hi,
yes, I did, tried like twelve times, using different browsers, operating systems, with or without http proxies, .....
Always the same result: different hash, different size
Then I enter my question here, and magically one day later I can download a different file, this time with a correct hash
correct filesize, different archive content, but the same name ..... ;-)

ISE upgrade failing with "% Manifest file not found in the bundle"

Hello
I am trying to upgrade a brand new ISE 3395 from 1.0.3.337 to 1.0.4 (latest). It keeps failing with
% Manifest file not found in the bundle
Here is the output:
company-ise-01/admin# application upgrade ise-appbundle-1.0.4.573.i386.tar.gpg ftp
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application Upgrade...
% Manifest file not found in the bundle
fusd-ise-01/admin# sh application version ise
Cisco Identity Services Engine
Version      : 1.0.3.377
Build Date   : Fri May 6 19:30:37 2011
Install Date : Wed Oct 12 22:18:26 2011
I can't find anything about this for ISE, although there are a lot of topics for the same error for ACS. Thanks in advance.
Saro

Same problem with 1.1.2 and 1.1.1 patch 5:
ISEcdemo/admin# sh ver
Cisco Application Deployment Engine OS Release: 2.0
ADE-OS Build Version: 2.0.4.018
ADE-OS System Architecture: i386
Copyright (c) 2005-2011 by Cisco Systems, Inc.
All rights reserved.
Hostname: ISEcdemo
Version information of installed applications
Cisco Identity Services Engine
Version      : 1.1.1.268
Build Date   : Mon Jun 25 05:49:23 2012
Install Date : Wed Sep 12 09:12:53 2012
Cisco Identity Services Engine Patch
Version      : 1
Install Date : Wed Sep 12 10:01:22 2012
Cisco Identity Services Engine Patch
Version      : 2
Install Date : Wed Sep 12 13:10:36 2012
Cisco Identity Services Engine Patch
Version      : 3
Install Date : Tue Nov 27 12:33:19 2012
Cisco Identity Services Engine Patch
Version      : 4
Install Date : Tue Nov 27 12:52:50 2012
ISEcdemo/admin# patch install ise-patchbundle-1.1.1.268-5-68046.i386.tar.gz my2
Save the current ADE-OS running configuration? (yes/no) [yes] ? yes
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application Patch installation...
% Manifest file not found in the bundle
ISEcdemo/admin#
ISEcdemo/admin# application upgrade ise-appbundle-1.1.2.145.i386.tar.gz my2
Save the current ADE-OS running configuration? (yes/no) [yes] ? yes
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application Upgrade...
% Manifest file not found in the bundle
Can someone verify the downloaded file details? They are different from cisco.com values:
-bash-4.1$ /usr/bin/md5sum.exe /cygdrive/c/munka-unenc/tftp/ise-appbundle-1.1.2.145.i386.tar.gz
2aa9b75ef5d7c1662a1a51844f178b77 */cygdrive/c/munka-unenc/tftp/ise-appbundle-1.1.2.145.i386.tar.gz
-bash-4.1$ /usr/bin/ls -lAp /cygdrive/c/munka-unenc/tftp/ise-appbundle-1.1.2.145.i386.tar.gz
-rwx------+ 1 Administrators Domain Users 1583851520 Nov 29 00:14 /cygdrive/c/munka-unenc/tftp/ise-appbundle-1.1.2.145.i386.tar.gz

Applying a new patch on the ISE 1.4.1. reboot required?

when applying a new patch on the ISE 1.4.1, will the server be taken off line whilst the patch is applied. i.e.does the server require a reboot after the patch is applied?

This is what is presently installed:
Cisco Identity Services Engine
Version : 1.1.4.218
Cisco Identity Services Engine Patch
Version : 2
Cisco Identity Services Engine Patch
Version : 8
So is it correct to say that if I have installed patch 8 , then I do not need to install 3-7?
ise-patchbundle-1.1.4.218-3-80980.i386.tar.gz
ise-patchbundle-1.1.4.218-4-82816.i386.tar.gz
ise-patchbundle-1.1.4.218-5-83887.i386.tar.gz
ise-patchbundle-1.1.4.218-6-83972.i386.tar.gz
ise-patchbundle-1.1.4.218-7-87377.i386.tar.gz

Unable to run ISE Backup

Hello All
If I run a backup on ISE it fails with the Message of Insufficient disk space. Actually a dir shows plenty of disk space available.
Any Idea what problem it could be ?
Thanks Thomas
# backup Daily_ISE repository bkp_apzhnise01 encryption-key hash xxxxxxxxxxxxxxxxxxxxx
% Creating backup with timestamped filename: Daily_ISE-130704-1159.tar.gpg
% Error: Insufficient disk space to perform ISE backup
% Application backup error
apzhnise01/admin# dir
Directory of disk:/
   12827561 Jan 16 2013 15:05:35 ise-patchbundle-1.1.2.145-3-70153.i386.tar.gz
      16384 Nov 05 2012 09:23:42 lost+found/
           Usage for disk: filesystem
                  185610240 bytes total used
                14262198272 bytes free
                15234142208 bytes available

Thanks for your reply
We are runnig it on a 3355 Appliance
I found the Problem, the root filesys is on 90% :-(   Don't know what has caused this.
.....So next time doing a show disk instead a dir will help :-)
I guess I have to ask TAC to get the Root utility to gain access and to be able cleanup......
......or is there any other possibility ?
Thanks Thomas
apzhnise01/admin# show disk
disk repository: 2% used (181260 of 14877092)
Internal filesystems:
/ : 90% used ( 460958712 of 540283556)
/tmp : 3% used ( 37504 of 1976268)
/storedconfig : 7% used ( 5694 of 93327)
/boot : 7% used ( 29435 of 489992)
/dev/shm : 0% used ( 0 of 1998968)
warning - / is 90% used (460958712 of 540283556)
apzhnise01/admin# sh ver
Cisco Application Deployment Engine OS Release: 2.0
ADE-OS Build Version: 2.0.4.018
ADE-OS System Architecture: i386
Cisco Identity Services Engine
Version      : 1.1.3.124
Build Date   : Thu Feb 7 07:55:38 2013
Install Date : Mon Mar 11 18:11:36 2013
apzhnise01/admin# show inventory
NAME: "ISE-3355-K9        chassis", DESCR: "ISE-3355-K9        chassis"
PID: ISE-3355-K9       , VID: V01 , SN: KQ8L13G
Total RAM Memory: 3997936 kB
CPU Core Count: 4
CPU 0: Model Info: Intel(R) Xeon(R) CPU           E5504 @ 2.00GHz
CPU 1: Model Info: Intel(R) Xeon(R) CPU           E5504 @ 2.00GHz
CPU 2: Model Info: Intel(R) Xeon(R) CPU           E5504 @ 2.00GHz
CPU 3: Model Info: Intel(R) Xeon(R) CPU           E5504 @ 2.00GHz
Hard Disk Count(*): 1
Disk 0: Device Name: /dev/sda
Disk 0: Capacity: 597.90 GB
Disk 0: Geometry: 255 heads 63 sectors/track 72702 cylinders
33

Installing ISE 1.1.3patch1?

I currently have one VM for management, and 2 IPEP nodes for 2 differnet locations with VPN.
I have successfully installed 1.1.3p1 on the VM, but I can not get patch 1 to install on the IPEPs. I only had one IPEP registered with the management node so I deregistered that one before I applied the patch to the management node. Now both IPEPs are in standalone mode and I can't get the patch to install.
when I issue:
application upgrade ise-patchbundle-1.1.3.124-1-75775.i386.gz myrepository
I get the following response:
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application Upgrade...
% This version of the application is already installed. Remove first if reinstall is desired.
What am I missing?
Thanks,
Dirk

Thank you for the swift and correct answer.
I don't remember doing that when I was upgrading through the 1.1.1 patches. Maybe my brain is on meltdown! LOL
Thanks again!!!

ISE Upgrade File Copy Error

According to the Upgrade Guidelines for 1.2:
Copy the upgrade bundle to the local disk using the copy command from the Cisco ISE CLI: copyftp-filepath ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz disk:/   Again, after you copy the upgrade bundle to the local disk, check to ensure that the size of the upgrade bundle in your local disk is the same as it is in the repository. Use the dir command to verify the size of the upgrade bundle in the local disk.
When I attempt to run this command, I keep getting the error:
"% long command detected at '^' marker"
using the following command:
" copy repository FTPDPZ ise-patchbundle-1.2.0.899-1-82500.x86_64.tar.gz"
I have also tried to replace the repository + name with an IP address, with just the repository name, and with 100 other things.
I tried to look up what a "long command" is, but I come up with nothing.
What is the proper verbage to utilize this command?

David,
It figures, doesn't it? No worries. The repository system is a confusing one, but it is what we have. I have found detailed instructions on using it, but they are for the Cisco Prime LMS product. The process is the same (I used these unstructions when doing my ISE 1.2 Upgrade), just substitute file names as necessary.
Step 1 Log into the shell and navigate to the location where the upgrade file, lms4_2_3_lnx_k9.zip is stored.
myhost/admin# shell
starting shell...
[myhost/ root-ade ~]
Note The login name that appears in the command prompt depends on the login name entered by the user while installing LMS on VM Console.
Step 2 Unzip the lms4_2_3_lnx_k9.zip file to extract Cisco_Prime_LAN_Management_Solution_4_2_3.tar.gz.
[myhost/ root-ade myloc] unzip lms4_2_2_lnx_k9.zip
Step 3 Copy the Cisco_Prime_LAN_Management_Solution_4_2_3.tar.gz to local disk partition of LMS 4.2.2 installed server (/localdisk).
Step 4 Log in with your credentials to the VM Console through Vsphere client.
Step 5 Create either a local or remote repository. A repository contains URL and credential details
myhost/admin# configure terminal
myhost/admin(config)# repository <>
myhost/admin(config-Repository)# url ?
Enter repository URL, including server and path info (Max Size - 80)
cdrom: Local CD-ROM drive (read only)
disk:   Local storage
ftp:    URL using a FTP server
http:   URL using a HTTP server (read only)
https: URL using a HTTPS server (read only)
nfs:    URL using a NFS server
sftp:   URL using a SFTP server
tftp:   URL using a TFTP server
Step 6 Combine the URL to the repository that uses a local or remote storage.
a. The following IOS CLI shows how to combine the URL to a repository that uses a local storage:
myhost/admin(config-Repository)# url disk:
myhost/admin(config-Repository)# exit
myhost/admin(config)# exit
myhost/admin# write mem
Generating configuration...
myhost/admin#
b. The following IOS CLI shows how to combine the URL to a repository that uses an anonymous FTP server:
myhost/admin(config-Repository)# url ftp://<>
myhost/admin(config-Repository)# user <> password plain <>
myhost/admin(config-Repository)# exit
myhost/admin(config)# exit
myhost/admin# write mem
Generating configuration...
myhost/admin#
You can use the above mentioned steps for other protocols.
Step 7 Run the below command in the VM console in VSphere client.
myhost/admin# application upgrade Cisco_Prime_LAN_Management_Solution_4_2_3.tar.gz <>
Save the ADE-OS running configuration? (yes/no) [yes]?
Step 8 Press Enter to continue with LMS 4.2.3 upgrade.
An Application upgrade successful message appears.
Here is the doc that contains these instructions:
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2.3/release/notes/lms4_2_3_release_notes.html#wp1183869

Cisco ISE-3315-K9 version 1.1.1.268 upgrade to 1.2.0.899

Hi Dears,
I have two ISE devices. One of them sofware is 1.1.1.268 and one of them is 1.2.0.899. Now i want upgrade ISE 3315 software 1.1.1268 to 1.2.0.899.
How can I do that?? Please help me.

First, Create a repository in the ISE WebGUI by going to Administration > System > Maintenance and clicking Repository on the Left Menu:
Click the +Add button and then fill out the configuration for the repository:
Note that my repository name is Upgrade.
Download the ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz file and place it in the location you configured in your repository.
Perform a backup of your ISE.
Install the latest patches for v1.1.1
Log in to the CLI and issue the following command:
application upgrade ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz Upgrade
Wait.
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.Charles Moreton

ISE 1.1.1.268 server not running

Hi Folks,
I have a old ISE appliance 3315, ISE application server is not running even after restart of ISE. ISE ver is 1.1.1.268
Not able to access this appliance through web also.
Can anyone advise if I can upgarde this ISE directly to 1.2 through bootable DVD? Or do I need to upgrade this with latest patch?

you can upgrade to Cisco ISE, Release 1.2, from any of the following releases:
    Cisco ISE, Release 1.1.0.665 (or 1.1.0 with the latest patch applied)
    Cisco ISE, Release 1.1.1.268 (or 1.1.1 with the latest patch applied)
    Cisco ISE, Release 1.1.2, with the latest patch applied
    Cisco ISE, Release 1.1.3, with the latest patch applied
    Cisco ISE, Release 1.1.4, with the latest patch applied
Upgrade Roadmap
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/upgrade_guide/b_ise_upgrade_guide/b_ise_upgrade_guide_chapter_01.html#ID7

ISE 1.2.0 - Issue with Posture

Hi Experts,
I installed ISE 1.2.0.899 Patch 3. While testing, we found the below.
1) Authentication Suceeded
2) Redirection to NAC Agent Page is happening
3) NAC Version 4.9.4.3 (latest) is getting downloaded.
4) Status in ISE is shown as 'Pending' and stays the same.
Even i tried changing the NAC agent version to 4.9.0.42. But stuck in Pending status only.
Is there any solution for this..? do i need to apply patch or version..?
Thanks in advance.

Instructions for Upgrading to Cisco ISE, Release 1.2.1
You can upgrade to Cisco ISE, Release 1.2.1 directly from any of the following releases:
Cisco ISE, Release 1.1.0.665 with patch 5 or later
Cisco ISE, Release 1.1.1.268 with patch 7 or later
Cisco ISE, Release 1.1.2 with patch 10 or later
Cisco ISE, Release 1.1.3 with patch 11 or later
Cisco ISE, Release 1.1.4 with patch 11 or later
Cisco ISE, Release 1.2.0.899 with patch 8 or later
The process for upgrading to Release 1.2.1 is the same as upgrading to Release 1.2. The system reboots twice when you upgrade from Release 1.1.x to 1.2.1 because it involves a 32-bit to 64-bit system upgrade, but only once when you upgrade from Release 1.2.x to 1.2.1 because Release 1.2 is a 64-bit system.
The application upgrade command is enhanced and includes the cleanup, prepare, and proceed options. You can use:
Cleanup—To clean a previously prepared upgrade bundle on a node locally. You can use this option if:
The application upgrade prepare command was interrupted for some reason
The application upgrade prepare command was run with an incorrect upgrade bundle
The upgrade failed for some reason
Prepare—To download and extract an upgrade bundle locally. You can use this command followed by the application upgrade proceed command.
Proceed—To upgrade Cisco ISE using the upgrade bundle you extracted with the prepare option. You can use this option after preparing an upgrade bundle instead of using the application upgrade ise-upgradebundle-1.2-to-1.2.1.xxx.i386.tar.gz remote-repository command.
If upgrade is successful, this option removes the upgrade bundle.
If upgrade fails for any reason, this option retains the upgrade bundle.
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/upgrade_guide/b_ise_upgrade_guide/b_ise_upgrade_guide_chapter_01.html#reference_4FF9C8C761A0456E8A94A7B307A603F5

ISE upgrade to version 1.2

My company ISE is installed into VM, we got a plan to upgrade the ISE form 1.1.1.268 to 1.2. But I read through all the documentation it required VM upgrade from 32 bits to64 bits.
But I have confused with the VM portion. If my current are 32 bits VM running for 1.1.1.268, am I still able to upgrade using the "application upgrade" command to direct do the upgrade "ise-upgradebundle-1.1.x-to-1.2.0.899.i386.tar.gz". What about the VM portion? I should need to manually change the VM from 32 bit to 64 bit or it is done automatically like the message below? Sorry I'm not VM guy and not sure about this portion.
Generating Database statistics for optimization ....
- Preparing database for 64 bit migration...
% NOTICE: The appliance will reboot twice to upgrade software and ADE-OS to 64 bit. During this time progress of the upgrade is visible on console. It could take up to 30 minutes for this to complete.
Rebooting to do Identity Service Engine upgrade...
I should be worry about the license and certificate after the upgrade?

I am not a VM guy either but if you follow the info on the link you should be fine. The tasks that you have outlined are tasks that happen automatically when you run the upgrade procedure. After that process is done, you will have to change the VM settings. So if you have a single ISE node you will need to:
1. Run the upgrade process
2. Power off the VM
3. Adjust in VM Ware:
- Type of OS (Mandatory)
- RAM (Optional) - Check ISE's hardware installation guide
- CPU (Optional) - Check ISE's hardware installation guide
3. Power the VM back on and then test again
If you have a distributed deployment then you will have to follow the instructions for that
The document/link also answers your question about the certificates and license files:
The upgrade process retains licenses and certificates. You do not have to reinstall or reimport them. Cisco ISE, Release 1.2, supports license files with two-node unique device identifiers (UDIs). You can request for a new license with the UDI of both the primary and secondary Administration nodes. See the Cisco Identity Services Engine Hardware Installation Guide for details.
Thank you for rating helpful posts!

ISE 1.1.2.145 patch-3 and CLI password disable

I am running ISE 1.1.2.145 patch-3 on VMWare ESXi 4.1 The ISE is running fine without any issues.
During the initial setup of the ISE, I create an account called "admin" so that I can ssh into the ISE. According to Cisco, the CLI password does NOT expire and does NOT lock out. However, when I ssh into the ISE and "intentionally" entered the wrong password 5 times. After that, I can no longer ssh or console in the ISE with the "admin" account. The only way to fix this is to do "password recovery" with the DVD.
I notice the same issue with ISE version 1.1.1.268 patch-5 as well.
Is this a "known" issue with ISE or bug?

There looks like there was a bug fixed for this issue in 1.1.1, you may need to open a tac case and see if the bug has resurfaced.
http://www.cisco.com/en/US/docs/security/ise/1.1.1/release_notes/ise111_rn.html#wp411891
CSCub89895
SNMP process stops randomly due to an issue in netsnmp
The netsnmp daemon on Cisco ISE can halt, causing any SNMP monitoring of the Cisco ISE node to fail until the daemon is restarted. This issue has been observed in Cisco ISE, Release 1.1.1.
Workaround Remove all SNMP commands and re-add them to start the daemon again or restart the ISE node.
For more information, see: http://sourceforge.net/tracker/index.php?func=detail&aid=3400106&group_id=12694&atid=112694
Tarik Admani
*Please rate helpful posts*

ISE: Dynamic Authorization Failed

Hi,
I am gettning warning messages in ISE saying
Cause:
Dynamic Authorization Failed for Device: 0002SWC003 (switch)
Details:
Dynamic Authorization Failed
It is not only on that switch but on all switches I have configured. I am using 3560 IPBase 12.2(55)SE6. I have configured them according to Trustsec 2.1.
My end devices are none-802.1x.
I can't figure out what is causing this error.
The thing is that I have not experienced any problem. In Live Authentications there are some 'Unknown' and 'Profiled' devices hitting the DenyAccess rule, but other then that everying is beeing Authorized fine.
Anyone got an idea what could be causing this error?
Regards,
Philip

This is what I have found out.. Using ISE Version 1.1.1.268. If you go the logs page
Jan 10,13 7:39:12.147 AM
Dynamic Authorization failed
and then go to the details...
Failure Reason > Authentication Failure Code Lookup
Failure Reason :
11213 No response received from Network Access Device
Generated on:January 10, 2013 8:08:17 AM PST
Description
No response received from Network Access Device.
Resolution Steps
Check the connectivity between ISE and Network Access Device. Ensure that ISE is defined as Dynamic Authorization Client on Network Access Device and that CoA is supported on device.
...next check into Resolution Steps...

ISE upgrade issue

Trying to upgrade from 1.1.1.268 patch 5 to 1.1.2.145. It fails saying the package isn't correct format via GUI. Tried via CLI and I see this in the logs.
Jan 3 18:25:42 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[245] [<removed>]: Install initiated with bundle - ise-appbundle-1.1.2.145.i386.tar.gz, repo - Patches
Jan 3 18:25:42 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[259] [<removed>]: Stage area - /storeddata/Installing/.1357237542
Jan 3 18:25:42 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[263] [<removed>]: Getting bundle to local machine
Jan 3 18:25:42 oranetise02 debugd[2507]: [22327]: transfer: cars_xfer.c[54] [<removed>]: ftp copy in of ise-appbundle-1.1.2.145.i386.tar.gz requested
Jan 3 18:26:12 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[272] [<removed>]: Got bundle at - /storeddata/Installing/.1357237542/ise-appbundle-1.1.2.145.i386.tar.gz
Jan 3 18:26:12 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[282] [<removed>]: Unbundling package ise-appbundle-1.1.2.145.i386.tar.gz
Jan 3 18:26:52 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[294] [<removed>]: Unbundling done. Verifying input parameters...
Jan 3 18:26:52 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[316] [<removed>]: Manifest file is at - /storeddata/Installing/.1357237542/manifest.xml
Jan 3 18:26:52 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[326] [<removed>]: Manifest file appname - ise
Jan 3 18:26:52 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[364] [<removed>]: Patch bundle contains patch((null)) for app version(1.1.2.145)
Jan 3 18:26:52 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[367] [<removed>]: Patch for application version (1.1.2.145) is not matching the installed app version
Jan 3 18:26:53 oranetise02 debugd[2507]: [22327]: application:install install_cli.c[691] [<removed>]: error message: Patch cannot be applied to the installed application version.
Jan 3 18:26:53 oranetise02 debugd[2507]: [22327]: application:install install_cli.c[694] [<removed>]: Error while Installing - Patch bundle: ise-appbundle-1.1.2.145.i386.tar.gz Repository: Patches ErrorCode: -623 Jan 3 18:25:42 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[245] [<removed>]: Install initiated with bundle - ise-appbundle-1.1.2.145.i386.tar.gz, repo - Patches
Jan 3 18:25:42 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[259] [<removed>]: Stage area - /storeddata/Installing/.1357237542
Jan 3 18:25:42 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[263] [<removed>]: Getting bundle to local machine
Jan 3 18:25:42 oranetise02 debugd[2507]: [22327]: transfer: cars_xfer.c[54] [<removed>]: ftp copy in of ise-appbundle-1.1.2.145.i386.tar.gz requested
Jan 3 18:26:12 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[272] [<removed>]: Got bundle at - /storeddata/Installing/.1357237542/ise-appbundle-1.1.2.145.i386.tar.gz
Jan 3 18:26:12 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[282] [<removed>]: Unbundling package ise-appbundle-1.1.2.145.i386.tar.gz
Jan 3 18:26:52 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[294] [<removed>]: Unbundling done. Verifying input parameters...
Jan 3 18:26:52 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[316] [<removed>]: Manifest file is at - /storeddata/Installing/.1357237542/manifest.xml
Jan 3 18:26:52 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[326] [<removed>]: Manifest file appname - ise
Jan 3 18:26:52 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[364] [<removed>]: Patch bundle contains patch((null)) for app version(1.1.2.145)
Jan 3 18:26:52 oranetise02 debugd[2507]: [22327]: application:install cars_install.c[367] [<removed>]: Patch for application version (1.1.2.145) is not matching the installed app version
Jan 3 18:26:53 oranetise02 debugd[2507]: [22327]: application:install install_cli.c[691] [<removed>]: error message: Patch cannot be applied to the installed application version.
Jan 3 18:26:53 oranetise02 debugd[2507]: [22327]: application:install install_cli.c[694] [<removed>]: Error while Installing - Patch bundle: ise-appbundle-1.1.2.145.i386.tar.gz Repository: Patches ErrorCode: -623

To avoid contratictory fixes. Essentially, with patch 5 you aply a fix. Upgrade to 1.1.2 removes it (or even worse case leaves orphaned files etc. since it does not know about the fix) and then patch 2 applies it back. It will work fine as long as the "fix" is exactly the same. That assumption can be wrong.
Even the release notes were made to reflect that an upgrade to 1.1.2 requires you to be at 1.1.1 patch 3.

Ise-patchbundle-1.1.1.268-1-60802.i386.tar.gz

Similar Messages

Maybe you are looking for