Clients with certificates provisioned through MS SCEP did connect successfully after the restore (assuming you are using wildcard System Certificates issued by MS CA and they were re-imported successfully). One thing I noticed is if you are using external CA for certificate management there is no need to import Internal CA store. If you are building a test/lab system do not forget to rename sponsor and mydevices shortcuts after the restore as it will continue to reference production portals.
In a testing environment, where hostnames will be different, you will need to regenerate Root CA on ISE as discussed further.Īfter the upgrade when importing certificate for portals you may get this cosmetic error so just ignore it and certificate should install anyway. Keep hostnames the same otherwise you can not re-import Internal CA store and you will get a validation error. Once passwords matched I was able to login to GUI after the restore. Changing password on CLI with application reset-passwd ise admin did not help so I had to reset config.
I had a different password and after restoring from backup GUI login did not work. Make sure new nodes have the same Web UI admin login. This post is about my findings and lessons learned.įirst of all, before restoring from backup verify and match ISE OS and patch versions. This way I had a chance to run through restore steps and test upgrade process. In preparation for Identity Services Engine (ISE) 2.1 upgrade, I’ve replicated production environment in order to validate upgrade functionality.