Security

Hello Dears,

I have a publisher CPPM and a subscriber CPPM, I wanted to upgrade both of them from version 6.9.7 to 6.10.0, and after I downloaded the new firmware on the software updates page I installed the version directly by mistake not upgraded the cluster.

This resulted the publisher to be upgraded to version 6.10.0 and subscriber remain on 6.9.7 and after the upgrade the it showed the subscriber was disabled and they were not syncing, I waited couple of hours was still not syncing, I was able to reboot the subscriber CPPM from the publisher but it was not syncing and even after the reboot.

Now I rebooted the Publisher to the second old firmware image and subscriber syncs normally, but don't now what is the best way to fix this issue, I tried to upgrade the subscriber individually same as the publisher it fails to download. On the publisher with the new firmware there is no Rollback to the previous image but on the old firmware there is rollback to the 6.9.7 but not sure what's going to happen if I do that.

Your advice are highly appreciated. Thanks. 

ClearPass 6.10 is end of life / end of support. You should upgrade to version 6.11 or 6.12.

ClearPass will only sync of the version on the publisher and the subscriber are exactly the same; so it's expected that if versions are different that it will not sync.

If the in-product download doesn't work (it should), you can download the upgrade image from the networkingsupport site and upload it manually to the appliance. Still, a cluster upgrade should work and would be the preferred method. TAC may be able to help you, but they may also request you to go to a supported ClearPass version.

Hello Dears,

I have a publisher CPPM and a subscriber CPPM, I wanted to upgrade both of them from version 6.9.7 to 6.10.0, and after I downloaded the new firmware on the software updates page I installed the version directly by mistake not upgraded the cluster.

This resulted the publisher to be upgraded to version 6.10.0 and subscriber remain on 6.9.7 and after the upgrade the it showed the subscriber was disabled and they were not syncing, I waited couple of hours was still not syncing, I was able to reboot the subscriber CPPM from the publisher but it was not syncing and even after the reboot.

Now I rebooted the Publisher to the second old firmware image and subscriber syncs normally, but don't now what is the best way to fix this issue, I tried to upgrade the subscriber individually same as the publisher it fails to download. On the publisher with the new firmware there is no Rollback to the previous image but on the old firmware there is rollback to the 6.9.7 but not sure what's going to happen if I do that.

Your advice are highly appreciated. Thanks. 

Thank you Mr. Herman,

My original goal is to upgrade it to 6.12 but I was unable to upgrade it directly I have to do few intermediate upgrades.

Anyway, If I Rollback from the publisher on the second image 6.9.7, is it going to downgrade the first image 6.10.0 to the previous image, since I don't have an active support contract yet with the link to download the firmware is disabled in my account.

Thanks.

ClearPass 6.10 is end of life / end of support. You should upgrade to version 6.11 or 6.12.

ClearPass will only sync of the version on the publisher and the subscriber are exactly the same; so it's expected that if versions are different that it will not sync.

If the in-product download doesn't work (it should), you can download the upgrade image from the networkingsupport site and upload it manually to the appliance. Still, a cluster upgrade should work and would be the preferred method. TAC may be able to help you, but they may also request you to go to a supported ClearPass version.

Hello Dears,

I have a publisher CPPM and a subscriber CPPM, I wanted to upgrade both of them from version 6.9.7 to 6.10.0, and after I downloaded the new firmware on the software updates page I installed the version directly by mistake not upgraded the cluster.

This resulted the publisher to be upgraded to version 6.10.0 and subscriber remain on 6.9.7 and after the upgrade the it showed the subscriber was disabled and they were not syncing, I waited couple of hours was still not syncing, I was able to reboot the subscriber CPPM from the publisher but it was not syncing and even after the reboot.

Now I rebooted the Publisher to the second old firmware image and subscriber syncs normally, but don't now what is the best way to fix this issue, I tried to upgrade the subscriber individually same as the publisher it fails to download. On the publisher with the new firmware there is no Rollback to the previous image but on the old firmware there is rollback to the 6.9.7 but not sure what's going to happen if I do that.

Your advice are highly appreciated. Thanks. 

Thank you Mr. Herman,

My original goal is to upgrade it to 6.12 but I was unable to upgrade it directly I have to do few intermediate upgrades.

Anyway, If I Rollback from the publisher on the second image 6.9.7, is it going to downgrade the first image 6.10.0 to the previous image, since I don't have an active support contract yet with the link to download the firmware is disabled in my account.

Thanks.

ClearPass 6.10 is end of life / end of support. You should upgrade to version 6.11 or 6.12.

ClearPass will only sync of the version on the publisher and the subscriber are exactly the same; so it's expected that if versions are different that it will not sync.

If the in-product download doesn't work (it should), you can download the upgrade image from the networkingsupport site and upload it manually to the appliance. Still, a cluster upgrade should work and would be the preferred method. TAC may be able to help you, but they may also request you to go to a supported ClearPass version.

Hello Dears,

I have a publisher CPPM and a subscriber CPPM, I wanted to upgrade both of them from version 6.9.7 to 6.10.0, and after I downloaded the new firmware on the software updates page I installed the version directly by mistake not upgraded the cluster.

This resulted the publisher to be upgraded to version 6.10.0 and subscriber remain on 6.9.7 and after the upgrade the it showed the subscriber was disabled and they were not syncing, I waited couple of hours was still not syncing, I was able to reboot the subscriber CPPM from the publisher but it was not syncing and even after the reboot.

Now I rebooted the Publisher to the second old firmware image and subscriber syncs normally, but don't now what is the best way to fix this issue, I tried to upgrade the subscriber individually same as the publisher it fails to download. On the publisher with the new firmware there is no Rollback to the previous image but on the old firmware there is rollback to the 6.9.7 but not sure what's going to happen if I do that.

Your advice are highly appreciated. Thanks.