If you find yourself in a position where you need to reset the application configuration and database of your Identity Services Engine node, here are a few suggestions for a little house cleaning before setting off on your journey.
Items to check off your list:
Am I regularly backing up my application, OS and monitoring data?
If not, you can perform an on-demand backup or create a backup schedule to fit your needs. This can be accomplished with the CLI or the GUI as demonstrated here.
What role does the ISE node that I intend to reset play in my deployment?
If you need to reset the configuration of an ISE node in a dual-node or distributed deployment, the node will need to be de-registered from the cluster. Be sure to record the database user and database admin passwords, as they must be identical on all nodes in your deployment when it comes time to re-register.
Does my ISE installation use CA issued certificates?
Certificates do not persist following an application reset. Local certificates and certificates within the Certificate Store can be exported, and later imported, following the application reset, as demonstrated here.
What version of ISE am I currently running?
**WARNING** There is currently a bug associated with ISE version 1.1.3, patch 1, when issuing the command “application reset-config ise”.
If you’ve already issued the “application reset-config ise” and you’re running 1.1.3 patch 1, your “Home” page and “Operations > Authentications” page may look similar to this.
If you are resetting an ISE node that happens to be your acting primary admin node, then the functionality displayed above is less than desirable. I’ve been unable to track down an official Cisco bug associated with this issue. In fact, there is only one bug listed for 1.1.3 as of 6/4/2013, CSCuf21967, according to the Software Bug ToolKit.
To fix this issue, remove and re-add the patch from the affected node. If you're using a multi-node deployment or a distributed deployment, the patch will need to be removed from the primary admin node’s GUI or from each node’s CLI. The GUI option doesn’t provide you with much of an indication of progress, so the CLI may be the preferred method. Your mileage may vary.
```
isebox01/admin# patch remove ise 1
Continue with application patch uninstall? [y/n] y
Application patch successfully uninstalled
isebox01/admin# show ver
Cisco Identity Services Engine
---------------------------------------------
Version : 1.1.3.124
isebox01/admin# patch install ise-patchbundle-1.1.3.124-1-75775.i386.gz SFTP
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application Patch installation...
Patch successfully installed
isebox01/admin# show ver
Cisco Identity Services Engine
---------------------------------------------
Version : 1.1.3.124
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 1
```
With the exception of ISE version 1.1.3, patch 1, if you are running ISE version 1.1.x, you can reset the application configuration without rendering your “Home” and “Operations > Authentications” pages unusable.
```
isebox01/admin# application reset-config ise
Initialize your ISE configuration to factory defaults? (y/n): y
Reinitializing local ISE configuration to factory defaults...
Stopping ISE Monitoring & Troubleshooting Log Processor...
Stopping ISE Monitoring & Troubleshooting Log Collector...
Stopping ISE Monitoring & Troubleshooting Alert Process...
Stopping ISE Application Server...
Stopping ISE Monitoring & Troubleshooting Session Database...
Stopping ISE Database processes...
Enter the ISE administrator username to create[admin]:
Enter the password for 'admin':
Re-enter the password for 'admin':
```
NOTE: When resetting a node's application configuration, the database admin and database user passwords must be set to match all other nodes in your deployment; otherwise registration will fail.
```
Please follow the prompts below to create the database administrator password.
% Legal characters are [A-Z][a-z][0-9]_#
Enter new database admin password:
Confirm new database admin password:
Successfully created database administrator password.
Please follow the prompts below to create the database user password.
Enter new database user password:
Confirm new database user password:
Successfully created database user password.
Extracting ISE database content...
Starting ISE database processes...
Creating ISE M&T session directory...
Performing ISE database priming...
isebox01/admin#
```
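A pre-flight check for the steps above, as an added example that is not part of the original post and not Cisco tooling: it parses saved `show ver` output in the layout shown earlier, flags the 1.1.3 patch 1 combination, and checks candidate database passwords against the legal character set printed by the reset prompt. The function names, sample text and sample passwords are constructed for illustration, and only the character set is checked, not any other password rule ISE may enforce.

```python
import re

# Constructed samples in the `show ver` layout shown in this post.
SAMPLE_PATCHED = """\
Cisco Identity Services Engine
---------------------------------------------
Version : 1.1.3.124
Cisco Identity Services Engine Patch
---------------------------------------------
Version : 1
"""
SAMPLE_UNPATCHED = SAMPLE_PATCHED.split("Cisco Identity Services Engine Patch")[0]

# Character set printed by the reset prompt: [A-Z][a-z][0-9]_#
LEGAL_DB_PASSWORD = re.compile(r"[A-Za-z0-9_#]+")

def parse_show_version(text):
    """Return (base_version, [patch versions]) from saved `show ver` output."""
    version, patches, section = None, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Cisco Identity Services Engine"):
            # The banner line decides which "Version :" line comes next.
            section = "patch" if line.endswith("Patch") else "base"
            continue
        match = re.fullmatch(r"Version\s*:\s*(\S+)", line)
        if match and section == "base":
            version = match.group(1)
        elif match and section == "patch":
            patches.append(match.group(1))
    return version, patches

def preflight(show_ver_text, db_admin_pw, db_user_pw):
    """List the items to resolve before `application reset-config ise`."""
    problems = []
    version, patches = parse_show_version(show_ver_text)
    if version is None:
        problems.append("ISE version not found in the supplied output")
    elif version.startswith("1.1.3.") and "1" in patches:
        problems.append("1.1.3 patch 1: expect to remove and re-add the patch")
    for label, pw in (("admin", db_admin_pw), ("user", db_user_pw)):
        if not LEGAL_DB_PASSWORD.fullmatch(pw):
            problems.append(f"database {label} password is empty or has illegal characters")
    return problems

if __name__ == "__main__":
    for issue in preflight(SAMPLE_PATCHED, "Example_Pw#1", "bad pass!"):
        print("CHECK:", issue)
```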
