Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ISE 1.2.1 Install guide

Anyone have a link to instructions on how to upgrade ISE 1.2 (patch 8) to 1.2.1? The release notes don't mention a new process and the old process gives a SHA error.


Use the proceed option to

Use the proceed option to upgrade Cisco ISE using the upgrade bundle you extracted with the prepare option. You can use this option after preparing an upgrade bundle instead of using the application upgrade < > < remote-repository>.

1. If upgrade is successful, this option removes the upgrade bundle.

2. If upgrade fails for any reason, this option retains the upgrade bundle.

3. If you issue the application upgrade command when another application upgrade operation is in progress, you will see the following warning message:

An existing application install, remove, or upgrade is in progress. Try again shortly.
Cisco Employee

All upgrades should be

All upgrades should be through CLI for best chance of success

Inline Posture Nodes must be deregistered from the Admin Node and upgraded separately

  • If no IPNs are deployed, start with upgrading the PSNs
  • Then any MNT Nodes
  • Then Secondary Admin nodes
  • Lastly upgrade the Primary Admin Node

Once the Primary Admin Node finishes and reboots, all other nodes should show up, EXCEPT the IPN  

The IPN has to be Registered on the Admin node again, but don't worry, all the settings are retained

That is pretty much it.  This is the method I used to upgrade my deployment.


However, an SHA error can mean file corruption.  You may want to try downloading the upgrade bundle again.

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton

New Member

In the upgrade guide for 1.2

In the upgrade guide for 1.2 distributed deployments it says to upgrade the secondary admin node first.  I know this isn't for 1.2.1 but I was told to follow this same method.  So should I go with the method in the guide or follow yours?


When upgrading to Cisco ISE, Release 1.2, first upgrade the secondary Administration node to Release 1.2. For example, if you have a deployment set up as shown in Figure 2, with one primary Administration node (Node A), one secondary Administration node (Node B), one Inline Posture node (IPN) (Node C), and four Policy Service nodes (PSNs) (Node D, Node E, Node F, and Node G), one primary Monitoring node ( Node H), and one secondary Monitoring node (Node I), you can proceed with the following upgrade procedure

New Member

We have a standalone

We have a standalone deployment (only about 1k endpoints/users).

New Member

FYII followed the guide that


I followed the guide that I referenced for distributed deployments.  This method worked great!!  While your method does work as you said.  I think by upgrading the psns first then you would lose logging as there wouldn't be any mnt nodes that are on the same version.  At least until you upgrade one of the mnt nodes.  The order I did was


1) Secondary Admin

2) Primary MNT

3) PSN

4) PSN

5) Secondary MNT

6) Primary Admin (which will be secondary in this new deployment)


Then login directly to the the new secondary admin and promote it back to its original persona.  Primary admin

New Member

I was able to upgrade ISE

I was able to upgrade ISE using the cli application upgrade using a local repository. For whatever reason it  did not like the FTP repository I created with the GUI that is being used for backups.

New Member

Do you have distributed

Do you have distributed deployment?  If so what order did you upgrade the nodes?

Cisco Employee

Hi Seth, It is as the same as

Hi Seth,


It is as the same as old process only . The SHA error you are seeing might be because of improper download of ISE 1.2.1 Application bundle.


Can you please cross check MD5 or SHA checksum of the file you downloaded.