Symptom

CTS PAC auto renewal will fail with the switch returning the following when "sh cts pac" is issued: F340.05.22-C9300-48UXM-0F53#sh cts pacs AID: 344FDE6124065B52E2BA8ADF0581FEA5 PAC-Info: PAC-type = Cisco Trustsec AID: 344FDE6124065B52E2BA8ADF0581FEA5 I-ID: F340.05.22-C9300-48UXM-0F53 A-ID-Info: Identity Services Engine Credential Lifetime: 17:34:28 UTC Thu Jun 01 2023 PAC-Opaque: 000200C80003000100040010344FDE6124065B52E2BA8ADF0581FEA5000600AC0003010053310744C97B78C66ADEF6F04726630C00000013646FDFB400093A80867E9BF20AFA854AA8EF030B5A282E941DCF5C26774BF818A4B97DEBCCF22F6AB7485469DA25E584C01869086226C305260FDB1291D4DED25E7FA227B637426F1DE62182A9417E4167C8EAA6BD44E654CB67EC2E3EBE1E58BF8013F9B42A775B2A7C468EAEC44CC5E09D7897E5843015FB2EC8B60B0FBE26463FF2DE2916B32BEA95CC9004169A3D5098C604 Refresh timer is set for 00:00:18 Refresh delayed for 390 seconds waiting for server address information. Switch does not attempt to renew the PAC because of this

Conditions

ISE 3.1 P5 C9300 17.03.05

Workaround

Recommended steps to perform manual PAC refresh, clear cts environment-data and cts refresh environment-data after the maintenance window of the ISE upgrade. so that new data(new AID, new set of slist servers) will be downloaded to the device after the ISE upgrade.

Further Problem Description