ISE 2.0 > 2.0.1 GUI Upgrade Failed on last server

daabruze
Cisco Employee

I have a customer who performed the ISE 2.0 to 2.0.1 upgrade process, and the final server upgrade failed and was stuck in a hung state; they were unable to access the server or complete the upgrade upon a reboot.

Initial state:

SITE 01

ISE SERVER 01 - PAN (Primary) - 2.0

ISE SERVER 02 - MNT (Primary) - 2.0

ISE SERVER 03 - PSN - 2.0

SITE 02

ISE SERVER 04 - PAN (Secondary) - 2.0

ISE SERVER 05 - MNT (Secondary) - 2.0

ISE SERVER 06 - PSN - 2.0


Upgrade Order Set To:

ISE SERVER 04 - PAN (Secondary)

ISE SERVER 02 - MNT (Primary)

ISE SERVER 03 - PSN

ISE SERVER 06 - PSN

ISE SERVER 05 - MNT (Secondary)

ISE SERVER 01 - PAN (Primary)


Upgrade Status:

ISE SERVER 04 - PAN (Secondary)    > Successful > 2.0.1 > PAN (Primary)

ISE SERVER 02 - MNT (Primary)        > Successful > 2.0.1 > MNT (Primary)

ISE SERVER 03 - PSN                        > Successful > 2.0.1 > PSN

ISE SERVER 06 - PSN                        > Successful > 2.0.1 > PSN

ISE SERVER 05 - MNT (Secondary)   > Successful > 2.0.1 > MNT (Secondary)

ISE SERVER 01 - PAN (Primary)         > FAILED > Not upgraded > System Hung



So, after the customer tried to recover the server and failed, they decided to rebuild the server directly as a 2.0.1 build.


Now, when they try to log in to the NEW PAN and add the rebuilt server to the Deployment it fails. They've reloaded the previous certificates to the server, but they still get the following error.


ERROR:

Unable to authenticate ISE SERVER 01. Please check server and CA certificate configuration and make sure “trust for authentication within ISE” option is selected.


Any ideas on why they may not be able to get it added to the new 2.0.1 upgraded deployment?


Thanks,

Damon





Accepted Solutions

howon
Cisco Employee

Damon, the easiest way is to add each of the servers' public certificates into the other node's CA store. So get the new PAN cert and add it to the re-built server, get the certificate from the re-built server and import it into the new PAN CA store, and try the add process. If it still fails, I suggest opening up a TAC case.

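As an added example that is not part of the original thread or Cisco's tooling: an offline `openssl` check of the two-way trust the accepted answer describes, using two constructed self-signed certificates as stand-ins for the new PAN and the rebuilt node. The directory layout, host names and helper functions are assumptions, and ISE's "trust for authentication within ISE" option is set in the GUI and is not modelled here.

```shell
#!/bin/sh
# Added example: constructed stand-ins for the new PAN and the rebuilt node.
# Directory layout, CNs and function names are assumptions; nothing here talks to ISE.

make_node() {    # make_node <dir> <cn>: self-signed cert; the store trusts only itself
  mkdir -p "$1" &&
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
  cp "$1/cert.pem" "$1/trusted.pem"
}

trusts() {       # trusts <node_dir> <peer_cert>: 0 if the peer cert chains to the node's store
  openssl verify -CAfile "$1/trusted.pem" "$2" >/dev/null 2>&1
}

import_cert() {  # import_cert <node_dir> <peer_cert>: append the peer's public cert to the store
  openssl x509 -in "$2" -outform PEM >> "$1/trusted.pem"
}

mutual_trust() { # both directions must verify, not just one
  trusts "$1" "$2/cert.pem" && trusts "$2" "$1/cert.pem"
}

demo() {
  demo_dir=$(mktemp -d) || return 1
  make_node "$demo_dir/pan" "new-pan.example.test" || return 1
  make_node "$demo_dir/rebuilt" "ise-server-01.example.test" || return 1
  mutual_trust "$demo_dir/pan" "$demo_dir/rebuilt" \
    && echo "before: trusted" || echo "before: NOT trusted"
  import_cert "$demo_dir/rebuilt" "$demo_dir/pan/cert.pem"   # new PAN cert -> rebuilt node
  trusts "$demo_dir/pan" "$demo_dir/rebuilt/cert.pem" \
    || echo "one-way only: PAN store still rejects the rebuilt node"
  import_cert "$demo_dir/pan" "$demo_dir/rebuilt/cert.pem"   # rebuilt node cert -> new PAN
  mutual_trust "$demo_dir/pan" "$demo_dir/rebuilt" && echo "after: trusted"
  rm -rf "$demo_dir"
}
demo
```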