Solved: ISE Upgrade problem

Bruno Rangel · ‎02-12-2016

I was trying to upgrade ISE in standalone deployment from 1.2.1.198 to 1.3

- My file name and size is same as what I see in the cisco.com download section (name: ise-upgradebundle-1.2.x-to-1.3.0.876.repackaged.x86_64.tar.gz, size: 4.02 GB (4,326,538,352 bytes))
- I used following commands and both gave the same error:

application upgrade prepare ise-upgradebundle-1.2.x-to-1.3.0.876.repackaged.x86_64.tar.gz UPGRADE
application upgrade ise-upgradebundle-1.2.x-to-1.3.0.876.repackaged.x86_64.tar.gz UPGRADE

ISE-STANDALONE# application upgrade ise-upgradebundle-1.2.x-to-1.3.0.876.repackaged.x86_64.tar.gz UPGRADE
Save the current ADE-OS running configuration? (yes/no) [yes] ? yes
Generating configuration...
Saved the ADE-OS running configuration to startup successfully

Getting bundle to local machine...
md5: 76e17877c2fb70d1006a20780fbf5b98
sha256: 461a0931c2f498399d96f195b1ab3d196fe7694f6e0cc2b4cb75928aced5f1c7
% Please confirm above crypto hash matches what is posted on Cisco download site.

Downlod file size and MD5 exact as Ciscos published, but the SHA is diferent::
Cisco download site show SHA512 Checksum:ea2e5eee527c145eb971e2a7806e6185

The ISE showing: sha256: 461a0931c2f498399d96f195b1ab3d196fe7694f6e0cc2b4cb75928aced5f1c7

Can someone please advise what is wrong with the above steps or how to fix the above error.?

Cheers
Bruno Rangel
Please remember to rate helpful responses using the star bellow and identify helpful or correct answers

Marvin Rhoads · ‎02-12-2016

Verify your SHA512 hash matches using an external check (like http://download.cnet.com/MD5-SHA-Checksum-Utility/3000-2092_4-10911445.html ).

Then use the same utility to compute the SHA256 before transferring the file to ISE. Use that to verify.

View solution in original post

Marvin Rhoads · ‎02-12-2016

My point was that the cisco.com site is now using SHA512 hashes.

The older Linux that your ISE 1.2 uses computes using a SHA256 hash.

As long as you've confirmed the SHA256 value by computing it against a SHA512-verified file download, you can safely accept it and proceed with the upgrade.

View solution in original post

Marvin Rhoads · ‎02-12-2016

Verify your SHA512 hash matches using an external check (like http://download.cnet.com/MD5-SHA-Checksum-Utility/3000-2092_4-10911445.html ).

Then use the same utility to compute the SHA256 before transferring the file to ISE. Use that to verify.

Bruno Rangel · ‎02-12-2016

Hi Marvin

Thanks for your reply...

I did it using the Checksum Utility, the results are the same that the ISE gave me. The question here is how I can to proceed the upgrade once the ISE just check the SHA and the file is not compatible.

Cheers
Bruno Rangel
Please remember to rate helpful responses using the star bellow and identify helpful or correct answers

Marvin Rhoads · ‎02-12-2016

My point was that the cisco.com site is now using SHA512 hashes.

The older Linux that your ISE 1.2 uses computes using a SHA256 hash.

As long as you've confirmed the SHA256 value by computing it against a SHA512-verified file download, you can safely accept it and proceed with the upgrade.

Bruno Rangel · ‎04-11-2016

Hi Marvin

Thanks for your help, those informations were very helpful

Cheers
Bruno Rangel
Please remember to rate helpful responses using the star bellow and identify helpful or correct answers