Cisco ISE · Security

Installing ISE 2.3 on ESXi 6.x

We’ve just had quite the head scratcher trying to install the ISE 2.3 OVA on ESXi 6.5 and figured we won’t be the only ones.

Tl;dr – Convert the OVA to VMX then convert that VMX to OVF. Do not go directly from OVA to OVF.

The OVA can’t be deployed as.. an OVA

Yep. The install file provided by Cisco needs to be converted to a different format in order to work with VMware i.e. OVF.

The error message when attempting this:

3.5: ATTRIBUTE_REQUIRED: Attribute “id” is required.

3.5: ATTRIBUTE_REQUIRED: Attribute “href” is required.

15.3: ATTRIBUTE_REQUIRED: Attribute “id” is required.

Screenshot_1

To be fair this is partly documented by Cisco but it doesn’t clear much up on what to do next.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/install_guide/b_ise_InstallationGuide23/b_ise_InstallationGuide23_chapter_011.html?bookSearch=true

The ISE 2.3 OVA templates are not compatible with VMware web client for vCenter 6.5. As a workaround, use the VMware OVF tool to import the OVA templates.

Download VMware OVF Tool

https://www.vmware.com/support/developer/ovf/

For ISE 2.3 on to ESXi 6.5 I used OVF Tool version 4.2

You can convert directly from OVA to OVF but we encountered the error below after doing this and importing to ESXi. A senior colleague saved my bacon by saying they’d had luck going from OVA to VMX then to OVF.

4:5: PARSE_ERROR: Parse error: Unexpected character ‘.’ (code 58) (missing namespace prefix?) at [row,col,system-id]: [4,11,”descriptor.ovf”].

Screenshot_2

Convert OVA -> VMX

  1. Install the OVF Tool
  2. Place your OVA somewhere easily accessible (C:) and open up elevated command prompt.
  3. Navigate to cd C:\Program Files\Vmware\Vmware OVF Tool
  4. Initiate the executable in the format ovftool.exe “source file” “destination file” e.g. ovftool.exe “C:\ISE-2.3.0.298-virtual-SNS3415-600.ova” “C:\ISE-2.3.0.298-virtual-SNS3415-600.vmx”
  5. The above will convert from the OVA to the VMX in the same directory of C:

Screenshot_4

 

Once complete you will see both the original OVA and the two new VMX/VMDK files

Screenshot_6

 

Convert VMX -> OVF

Now that VMX can be converted to OVF. Note you can choose not to use the quotations like in this example as long as there’s a space between source and destination. I created an OVF directory so that it didn’t overwrite any files during this process.

ovftool.exe C:\ISE-2.3.0.298-virtual-SNS3415-600.vmx C:\OVF\ISE-2.3.0.298-virtual-SNS3415-600.ovf

 

 

You will end up with three files in your OVF directory and the OVF can be used for the import to ESXi.

 

Import to ESXi

This time there is no error on the import and the resources are automatically filled out via the OVF template.

Screenshot_3

Additional Note Feb 2018 from Frank (comments below):

“When deploying in VMware, I needed to select both the converted OVF-file and the VMDK-file. When selecting only OVF-file, VMware said that files where missing.”

 

Advertisements

7 thoughts on “Installing ISE 2.3 on ESXi 6.x

  1. When deploying in VMware, I needed to select both the converted OVF-file and the VMDK-file. When selecting only OVF-file, VMware said that files where missing.

  2. I had the issue with version 2.1 as well and this resolved it for me. I just wanted to add that if a separate directory is not specified for the ovf files and it does try to overwrite the files it may error out with something like this:

    ovftool.exe C:\ISE-2.1.0.474-mini.vmx C:\ISE-2.1.0.474-mini.ovf
    Opening VMX source: C:\ISE-2.1.0.474-mini.vmx
    Opening OVF target: C:\ISE-2.1.0.474-mini.ovf
    Writing OVF package: C:\ISE-2.1.0.474-mini.ovf
    Transfer Failed
    Error: Output file C:\ISE-2.1.0.474-mini-disk1.vmdk already exists. Use overwrite flag to delete it.
    Completed with errors

    Using a separate directory as mentioned in the steps above for the ovf resolves the error. so the syntax I used should have used is:
    ovftool.exe C:\ISE-2.1.0.474-mini.vmx C:\ovf\ISE-2.1.0.474-mini.ovf

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s