I try to use the backup feature in Cisco ISE but after configured an FTP, every backup failed.
My FTP server is a Windows Server 2008 and I can create, modify and delete files in the root folder if I use a classical FTP Client as Filezilla from my workstation which is in the same VLAN than my Cisco ISE, so I think it's not an account problem and not a firewall or security issue.
Here the result when I use the CLI :
ADLUISE01/admin# backup TestFTP repository FTP-Repository ise-operational encryption-key plain *******
% Creating backup with timestamped filename: TestFTP-OPS-140625-1542.tar.gpg
% backup in progress: Starting Backup...10% completed
% backup in progress: starting dbbackup using expdp.......20% completed
% backup in progress: starting cars logic.......50% completed
% backup in progress: Moving Backup file to the repository...75% completed
% File transfer error
Thanks for you help!
If backup fails, check the following:
– Monitoring backup fails if the monitoring data takes up more than 75% of the allocated monitoring database size. For example, if your Monitoring node is allocated 600 GB, and the monitoring data takes up more than 450 GB of storage, then monitoring backup fails.
– If the database disk usage is greater than 90%, a purge occurs to bring the database size to less than or equal to 75% of its allocated size.
Supringly a lot of cisco TAC engineers don't seem to understand the issue of ISE and FTP and why it failed.
The answer is "depending on the type of FTP server" you're running. In my situation, I have different flavor of Gentoo Linux and CentOS linux. With CentOS linux, you have to specific declare the home directory of the FTP server. For example, let say you want to backup ISE to a directory under the account isebackup on the centOS, you have to declare "/home/isebackup" under the directory in ISE.
With Gentoo linux, you can declare however you see fit and it will work
I don't have much experience with FTP running on Windows but I know the ISE backup via FTP works well with both Gentoo and CentOS linux with my first-hand knowledge.
That being said, I rather prefer sftp over ftp for ease of use and better security when transferring files across the network.
Thanks for your answers.
Actually, I cannot use a Linux server even if I know it would be better, but we have only Windows Server in our company, so I have to adapt myself.
I have also checked every points of mohanak but everything seems to be good and I still do whatever I want with a classic FTP client.
Do you knows some commands or tips to troubleshoot this problem on ISE or IIS?
I quit my last job because the place had lot of idiots because they are running Windows. Real Engineers use Open/Free BSD, Linux or Solaris. Only network wannabe use Windows.
joking aside, I think the best thing for you to do is to run "wireshark" on the Windows server and start capturing traffics from the ISE to the IIS server. Because FTP is "clear-text" traffics, you will be able to decode the data and it will tell you why FTP failed.
My guess is that it has to do with directory, not directory permission but directory in general.
ISE backup is failing with the following error message
DB BACKUP FAILED : RMAN-03002: failure of transport tablespace command at 04/11/2016 23:13:39. Backup aborted
All was working fine. Tried the option of Backup now and that too got failed. Percentage is showing 20% and it fails with the above error message. Please suggest what to be done on this.
On looking at the error I could say that there could be an issue within ISE that is preventing the required objects to be backed up. I would request to open a service request with TAC so that they can fix this issue by going into the CLI.
Thank you for the reply. Shall we do an application restart on ISE primary admin node?. Will that fix the issue. What do you think?
If possible can you try listing the files in repository from ISE CLI by using the command 'show repository <NAME OF REPOSITORY>' once after repository is created.
Also When you are trying to do this operation , can you please collect the logs from FTP server.
Also you may get some information on why file transfer is failing from the ISE log file ADE.log.
can you please give a rundown of how you have the FTP repository as well as the scheduled job configured? FTP? SFTP? ect...
I ran into some issues a while back with setting up the FTP backups as well, and I was forced to do quite a bit of research on the matter. While some users on here may prefer to use one operating system over others, that is their personal opinion, and is not helpful at all in solving your issue.