Lab Minutes Forum

Technical Discussion => Security => Topic started by: gvoden on March 07, 2016, 05:22:04 AM

Title: Renaming Cisco ISE nodes
Post by: gvoden on March 07, 2016, 05:22:04 AM

Hi everyone,

we are moving a few of our nodes to a new data center and will have to eventually rename them using a new naming standard.
Has anyone experienced any gotchas?
My understanding is this is what needs to be done:
1. Deregister node from cube
2. Unjoin node from active directory
3. Remove DNS entry for old name
4. Create DNS entry for new name
5. Join Active Directory
6. Generate new CSR for all nodes that are changing names
7. Import new certificate for node

- what is the risk of doing all of the above, from what I am reading some people are suggesting that changing a hostname can actually make the node unusable. My deployment is based on physical appliances.

thank you!

Title: Re: Renaming Cisco ISE nodes
Post by: MC on March 07, 2016, 11:17:08 PM

Your steps look about right. I am trying to remember if the node will be back to standalone after deregistration, and if not, whether you need convert it back to standalone.
I would agree that changing node hostname/IP should be avoided if possible. With that said, I have done it before and have not yet run into any issue.

Title: Re: Renaming Cisco ISE nodes
Post by: gvoden on March 09, 2016, 02:18:38 PM

Yes, it will go back to standalone after deregistration.
Will post after we perform the rename process, likely a few months out.

Title: Re: Renaming Cisco ISE nodes
Post by: MC on March 09, 2016, 11:04:43 PM

Let us know how it goes.