Cisco ISE Upgrade 2.0 to 2.1

In this article I am going to lay the important facts for doing a Cisco ISE upgrade, from version 2.0 to 2.1. These recommendations are also valid for other upgrade versions.

My tools are:

  • Vmware Workstation Pro 12
  • Cisco ISE 2.0.x virtual appliance software, as initial version
  • Cisco ISE 2.1 upgrade patch¬†ise-upgradebundle-2.0.x-to-2.1.0.474.SPA.x86_64.tar.gz
  • 3Cdeamon TFTP server

I used at first Filezilla FTP server. It sucks. The download process hangs and freezes often. I spent a whole sunday afternoon figuring what the problem could be.
I switched to using the manual CLI command to copy the upgrad bundle from an FTP server. I got errors during the copy process too. By the way, when you use FTP as your copy process, the FTP server must be already declared as a repository in CLI in ISE, and the CLI command is:

copy ftp://192.168.1.254/ise-upgradebundle-2.0.x-to-2.1.0.474.SPA.x86_64.tar.gz disk:\
this simply did not work on my lab.

then found this link and followed the instructions: https://wifiworkshop.com/2017/08/29/how-to-upgrade-cisco-identity-services-engine/

ISE1/admin# mkdir disk:/ise-upgrade
ISE1/admin# copy tftp://192.168.1.254/ise-upgradebundle-2.0.x-to-2.1.0.474.SPA.x86_64.tar.gz disk:/ise-upgrade
Error code 1: File not found
ISE1/admin# copy tftp://192.168.1.254/ise-upgradebundle-2.0.x-to-2.1.0.474.SPA.x86_64.tar.gz disk:/ise-upgrade

I am using
3CDeamon as TFTP server
disk:/ise-upgrade as a local repository on ISE
local-repo as the name of the repository, configured with type DISK on ISE

to see the progress of the copy operation: dir disk:/ise-upgrade. You should see a decreasing free disk space.

after successful copy, clean some space up with “application upgrade cleanup” :
ISE1/admin# application upgrade cleanup

Application upgrade preparation directory cleanup successful

then launch the following:

ISE1/admin# application upgrade prepare ise-upgradebundle-2.0.x-to-2.1.0.474.SPA.x86_64.tar.gz ?
<WORD> Name of the configured remote repository (Max Size – 255)

ISE1/admin# application upgrade prepare ise-upgradebundle-2.0.x-to-2.1.0.474.SPA.x86_64.tar.gz local-repo

Getting bundle to local machine…
Unbundling Application Package…
Verifying Application Signature…
Application upgrade preparation successful
ISE1/admin# application upgrade proceed
Initiating Application Upgrade…
% Warning: Do not use Ctrl-C or close this terminal window until upgrade completes.
-Checking VM for minimum hardware requirements
STEP 1: Stopping ISE application…
STEP 2: Verifying files in bundle…
-Internal hash verification passed for bundle
STEP 3: Validating data before upgrade…
STEP 4: Taking backup of the configuration data…
STEP 5: Running ISE configuration database schema upgrade…
– Running db sanity check to fix index corruption, if any…
– Upgrading Schema for UPS Model…
– Upgrading Schema completed for UPS Model.

ISE database schema upgrade completed.
STEP 6: Running ISE configuration data upgrade…
– Data upgrade step 1/42, AuthzUpgradeService(2.0.0.308)… Done in 1 seconds.
– Data upgrade step 2/42, NSFUpgradeService(2.1.0.102)… Done in 0 seconds.
– Data upgrade step 3/42, UPSUpgradeHandler(2.1.0.105)… Done in 39 seconds.
– Data upgrade step 4/42, UPSUpgradeHandler(2.1.0.107)… Done in 2 seconds.
– Data upgrade step 5/42, NSFUpgradeService(2.1.0.109)… Done in 0 seconds.
– Data upgrade step 6/42, NSFUpgradeService(2.1.0.126)… Done in 1 seconds.
– Data upgrade step 7/42, NetworkAccessUpgrade(2.1.0.127)… Done in 0 seconds.
– Data upgrade step 8/42, ProfilerUpgradeService(2.1.0.134)… Done in 0 seconds.
– Data upgrade step 9/42, ProfilerUpgradeService(2.1.0.139)… Done in 0 seconds.
– Data upgrade step 10/42, ProfilerUpgradeService(2.1.0.166)… .Done in 80 seconds.
– Data upgrade step 11/42, NSFUpgradeService(2.1.0.168)… Done in 0 seconds.
– Data upgrade step 12/42, AlarmsUpgradeHandler(2.1.0.169)… Done in 1 seconds.
– Data upgrade step 13/42, RegisterPostureTypes(2.1.0.180)… Done in 2 seconds.
– Data upgrade step 14/42, RegisterPostureTypes(2.1.0.189)… Done in 0 seconds.
– Data upgrade step 15/42, UPSUpgradeHandler(2.1.0.194)… Done in 0 seconds.
– Data upgrade step 16/42, TrustsecWorkflowRegistration(2.1.0.203)… Done in 0 seconds.
– Data upgrade step 17/42, NSFUpgradeService(2.1.0.205)… Done in 0 seconds.
– Data upgrade step 18/42, NetworkAccessUpgrade(2.1.0.207)… Done in 0 seconds.
– Data upgrade step 19/42, NSFUpgradeService(2.1.0.212)… Done in 0 seconds.
– Data upgrade step 20/42, NetworkAccessUpgrade(2.1.0.241)… Done in 0 seconds.
– Data upgrade step 21/42, NetworkAccessUpgrade(2.1.0.242)… Done in 0 seconds.
– Data upgrade step 22/42, UPSUpgradeHandler(2.1.0.244)… Done in 0 seconds.
– Data upgrade step 23/42, ProfilerUpgradeService(2.1.0.248)… Done in 0 seconds.
– Data upgrade step 24/42, NetworkAccessUpgrade(2.1.0.254)… Done in 0 seconds.
– Data upgrade step 25/42, UPSUpgradeHandler(2.1.0.255)… Done in 8 seconds.
– Data upgrade step 26/42, MDMPartnerUpgradeService(2.1.0.257)… Done in 0 seconds.
– Data upgrade step 27/42, NetworkAccessUpgrade(2.1.0.258)… Done in 0 seconds.
– Data upgrade step 28/42, ProfilerUpgradeService(2.1.0.258)… Done in 57 seconds.
– Data upgrade step 29/42, MDMPartnerUpgradeService(2.1.0.258)… Done in 2 seconds.
– Data upgrade step 30/42, UPSUpgradeHandler(2.1.0.279)… Done in 4 seconds.
– Data upgrade step 31/42, NSFUpgradeService(2.1.0.282)… Done in 0 seconds.
– Data upgrade step 32/42, NetworkAccessUpgrade(2.1.0.288)… Done in 0 seconds.
– Data upgrade step 33/42, NetworkAccessUpgrade(2.1.0.295)… Done in 1 seconds.
– Data upgrade step 34/42, CertMgmtUpgradeService(2.1.0.296)… Done in 0 seconds.
– Data upgrade step 35/42, NetworkAccessUpgrade(2.1.0.299)… Done in 0 seconds.
– Data upgrade step 36/42, NetworkAccessUpgrade(2.1.0.322)… Done in 3 seconds.
– Data upgrade step 37/42, NetworkAccessUpgrade(2.1.0.330)… Done in 2 seconds.
– Data upgrade step 38/42, NSFUpgradeService(2.1.0.353)… Done in 0 seconds.
– Data upgrade step 39/42, ProfilerUpgradeService(2.1.0.354)… Done in 1 seconds.
– Data upgrade step 40/42, NSFUpgradeService(2.1.0.474)… Done in 0 seconds.
– Data upgrade step 41/42, ProfilerUpgradeService(2.1.0.474)… Done in 1 seconds.
– Data upgrade step 42/42, GuestAccessUpgradeService(2.1.0.474)… Done in 16 seconds.
STEP 7: Running ISE configuration data upgrade for node specific data…
STEP 8: Running ISE M&T database upgrade…
ISE M&T Log Processor is not running
ISE database M&T schema upgrade completed.
then the system reboots to complete the installation. It took an eternity to finish. And at the end, I was not notified that the system was ready. I kept receiving “upgrading Identity System Engine Binaries..” message. So I simply repeatedly checked the GUI with F5 button, until I saw the new 2.1 GUI.

By the way, you don’t need to upgrade further than 2.1. The Cisco ISE 2.1 is good enough for the CCIE V5.

Leave a Comment