Installing the Cisco ISE 2.4 Eval virtual appliance on ESXi 6.5 is a little tricky. This guide makes that install super simple.
Before we can install Cisco ISE (Identity Services Engine) we need to download a few components and tools. The first thing we need to download are the necessary Cisco ISE virtual appliance files and any updates.
How to Download the Cisco ISE Eval Virtual Appliance Template Software
- Download the .ova file from https://cisco.app.box.com/v/ISE-Eval.
- Download the latest patch bundle .tar.gz listed.
- Move the downloaded files to a temporary directory such as C:\Temp\.
Unfortunately, starting in ESXi 6.5 you’ll receive errors when trying to create a VM from the OVA template. More specifically, you’ll get the following error:
Issues detected with selected template.
To solve this, we need to convert the OVA file to an OVF file.
The easiest tool to use to do this is the VMware Open Virtualization Format Tool. To get this:
- Download the OVF tool from https://code.vmware.com/tool/ovf/4.1.0.
Now that we have our files and our tool we can finally get to work.
- Install the OVFTool msi file. In my case it is VMware-ovftool-4.3.0-7948156-win.x86_64.msi.
This is a command line tool so you won’t find it in your start menu anywhere.
- Open up a CMD prompt window as an Administrator.
- Change the directory to where you installed OVFtool:
CD “C:\Program Files\VMware\VMware OVF Tool”
Now one might think we could just convert from OVA to OVF but that’s not the case. If you do that you might find that you still run into the following errors when creating a vm from the OFV file:
Issues detected with selected template. Details:
-3.5:ATTRIBUTE_REQUIRED: Attribute “id” is required.
-3:5:ATTRIBUTE_REQUIRED: Attribute “href” is required.
-15:3:ATTRIBUTE_REQUIRED: Attribute “id” is required.
To get around that we need to convert the original OVA file to a VMX and then to an OVF file. Crazy, I know, but it was the only way to get around the errors and it’s pretty simple to do (albeit time consuming) with the OVFTool from VMware.
- Enter the following command in CMD prompt (while in the OVFTool install directory) to unpack the OVA into its’ VMX parts:
Ovftool.exe “C:\Temp\ISE-22.214.171.1247-virtual-Eval.ova” “C:\Temp\ISE-126.96.36.1997-virtual-Eval.vmx”
Running the above command will result in the creation of two new files:
We now need to convert from VMX to OVF.
- Create a new directory to store the new OVF files such as C:\Temp\OVF.
- Enter the following command in CMD prompt:
Ovftool.exe “C:\Temp\ISE-188.8.131.527-virtual-Eval.vmx” “C:\Temp\OVF\ISE-184.108.40.2067-virtual-Eval.vmf”
Finally, we have the OVF file that we can use to create a VM in vCenter without error along with its associated .mf and .vmdk files.
Creating the Cisco ISE Eval Virtual Appliance
- In your VMware environment (vCenter in my case) select to Deploy OVF Template.
- In the box that opens, click the Browse… button.
- Select all three of the files that were created in your new OFV directory from earlier (.mf, .ovf, and .vmdk) and click Open.
- Give your new VM a name and select the datacenter or folder that you want it created in then click next.
- Select the Host, Cluster, or Resource Pool that you want your VM created in and click Next.
- At the Review details screen click Next.
- Select your preferred virtual disk format and Datastore or Datastore Cluster and click Next.
- Select the Destination Network that your ISE server will be connected to and be addressed on and click Next.
- Review all your settings and click Finish.
VMware will now begin building your VM using a combination of your selections and the settings stored within the ovf file.
Initial Configuration of Your Cisco ISE Eval Virtual Appliance
Now that the appliance has been deployed to your ESX environment, we can fire it up and configure some basic settings.
- Power on the VM.
- Open a console window into the VM.
- At the prompt that says “localhost login:” type setup and press enter.
Your screen will clear and you’ll be returned to a prompt asking you to Enter hostname[ ]:. At this point the steps are pretty self-explanatory and will be specific to your network.
- Answer each prompt with your specific network settings and preferences.
The automated configuration process will kick off after the last prompt (Enter password again for SSH user) and will take a long time. It was almost 20 minutes before I was returned to a prompt to login and all process had started and the web interface was brought up.
- Log in to your ISE install by typing your username and password at the console prompt (or through SSH which should be working at this point).
- Enter command:
show application status ise
We want to make sure the Application Server process is in the STATE running. When I first installed Cisco ISE the Application Server process was stuck in STATE initializing. It took another coffee break before the process was running.
If the Application Server process isn’t running you won’t be able to open your ISE web page. You’ll just receive a 404 error.
Now that our Application Server process is in the STATE running, we can proceed with testing the GUI login.
- Open a web browser and enter the url of your ise server. It should be in format of: https://yourservername.domain.com/admin/login.jsp.
If your webpage does not resolve, make sure you have a Host (A) record in DNS pointing your hostname to the IP of your ISE server.
At this point you can type in your username and password and login to the ISE server’s web interface.
How to Install Cisco ISE Hotfix
Before you go nuts playing with your new ISE install you’ll want install the hotfix we downloaded in the beginning. This will ensure you have the most up to date platform to begin building from.
- Navigate to Administration -> System -> Maintenance -> Patch Management and click Choose File.
- Select the ise-patchbundle we downloaded in the beginning.
- Click Install.
At this point you’ll see an upload progress indicator appear in the lower left hand corner of the window.
It’s quick and easy to miss, leaving you to believe that ISE hasn’t done anything after you clicked Install.
Once it finishes uploading you’ll be kicked out of Cisco ISE back to the login screen. It’s advisable to wait at this screen for a few minutes before signing back in or you may get kicked back out as proceeds through the patch install. It took around 10 minutes for the install to complete and allow me to sign back in.
You can verify that the patch installed successfully by navigating back to Administration -> System -> Maintenance -> Patch Management and looking to see if the Patch is listed under Installed Patches. In my case I had a radio button with a 1 next to it indicating that Patch 1 had been installed.
So there you have it. You now have a fully up to date Cisco ISE Eval Virtual Appliance deployed and ready to take for a test drive.
Hopefully this saved you some time and heartache!
Recommended for You: Solarwinds Virtualization ManagerHow well do you know your VMware or Hyper-V infrastructure? Can you tell, at a glance, which hosts are ok? What about your storage and datastores? Are the VM’s healthy? What is soaking up all your network bandwidth? Where is all the memory and compute going?
Automate data collection and alerting of your virtualization infrastructure with Solarwinds Virtualization Manager.
Finally have complete visibility into your systems so you can identify potential issues before they become real problems.