ACS 4.2 to 5.4 ACS replication of databases

Similar Questions

• Problem with ACS 4.2 database replication

  Greetings,

  I'm not able to replicate data between two ACS SE 4.2. I get the following error:

  Inbound replication of database of ACS 'ACS_BEX_001' denied - shared secret mismatch.

  Apparently, the configuration is ok. I enclose the configuration of these two ACS.

  Hello

  The problem you see are because of the Self entered on each ACS is set to 127.0.0.1.  For replication to work, you must set all 4 entries of ACS at the same shared secret, even the self ones.  The problem is when you try to change these entries, it will tell you that you can't use 127.0.0.1, but it also won't let you change the ip address.

  The bug Id for this problem is CSCso36620.  Workaround declares that the CLI, you can use the "set ip" command to put the IP address in the initial INVESTIGATION period and it should update the self entry in the GUI.  At this point, you should be able to update the secret shared on all 4 devices.

  Let me know if you have problems to make it work.

  Thank you

  Nevin

• Replication of database ACS SE 3.3.3

  HelloW

  I have some problems with replication of database with 2 ACS SE 3.3.3

  On each ACS, I have configured the other FAC as ACS server.

  On primary, I moved the ACS secondary to a replication partner.

  Secondary, I did not move primary ACS to a replication partner.

  Shared key is the same on the two ACS...

  In the journal of primary education: replication send ok

  In the high school newspaper: replication failed: Secret do not match!

  Secrets are absolutely!

  What can be the problem?

  Thank you

  Remco

  "Shared Secret Mismatch" means that the key to the primary in the primary or the secondary server does not.

  I suggest to enter secret key on free primary entry and the entry of the primary server to the secondary server.

  DO NOT COPY PASTE

  Kind regards

  ~ JG

  Note the useful messages

• The ACS replication ports

  Hello all, I have two ACS 3.3 and I try to replicate but it does not work. The topology is something like this:

  ACS1<->PIX525<->RouterTelmex - Internet - RouterTelmex<->ASA5540<->ACS2

  I test a lot of things, and I guess that the problem is in ASA5540. So the question is: is anyone know which ports need to be opened in ASA5540 to allow replication? I know there must be opening of port 2000, but I think there must be some ports more.

  Thank you very much.

  Gabriel

  Hello Gabriel,

  I know, you only need port 2000 to open for replication of the ACS.

  BTW, did you skinny inspection enabled on the ASA. The ACS replication is running on port 2000 who also happens be the same port as the Skinny Protocol. Make sure that he lean on the two firewall inspection is disabled and see if you can get the replication.

  no correction protocol 2000 skinny

  I hope it helps.

  Kind regards

  Arul

  * Please note all useful messages *.

• Replication of database

  I have two separate ACS servers. Of these, one is active and has the entire base. I would like to make a master server and others as before, with their database in the form of images of mirror each other and redundancy as well. Can someone tell me how to set up replication of database in GBA?

  Hello

  All the information you need can be found on the page provided by the following link:

  http://www.Cisco.com/en/us/products/sw/secursw/ps2086/products_configuration_example09186a00800e518a.shtml#T2

  Hope that helps.

• We are in the streams we want to use the tools of replication of database of 3rd party for Oracle freeware. Pls suggest

  We are in the streams we want to use the tools of replication of database of 3rd party for Oracle freeware. Pls suggest

  Hello

  GoldenGate and shareplex are large databases for heteregenous platforms oracle replication tools.

  Shareplex replicates data between heteregenous platforms for example source on Linux and Windows.Shareplex target come from queues so that when we define it a few tables in the configuration of the source files, it will get automatically reproduced in the target database.

  SharePlex 8.6.2 technical documentation

  Concerning

  Rami

• ACS replication problem

  I have two ACS with replication configured. Manual replication works fine, but when setting up scheduled replication, server said "preliminary checks indicate a unnecessary outgoing replication - completed cycle. Even if the new features have been added to the main server, replication is irrelevant.

  Any thoughts?

  Please check this bug,

  CSCsd02854 : automatic replication has not triggered after changing the config

  components

  Symptom: When it is configured for automatic replication, only the changes to the users/groups/SPC are replicated automatically. Changes to the configuration of NAS, Admin, PAN, external databases

  components do not replication trigger.

  Conditions: This is seen when the automatic replication (intermittently or at a specific time) is configured.

  Solution: Start the replication manually after configuration changes for the affected

  components have been made.

  http://Tools.Cisco.com/support/BugToolKit/action.do?hdnAction=searchBugs

  Please make sure that the secondary ACS server, we have all the replicated network devices

  from the primary ACS server successfully. If they are not, and we have configured replication scheduled to take place, then we are hitting this bug.

  Kind regards

  ~ JG

  Note the useful messages

• Duplicate the user in the ACS 3.3 database

  I use ACS to authenticate the mac address. It's on a device. I created a user with the user name and password as the mac address and now it is listed twice! Can I delete a single entry, but not the other. What can I do to clear it out of the database?

  Hello

  Please use the dbcompact via the serial console command to fix.

  Here is the link for the procedure of execution of dbcompact.

  http://www.Cisco.com/univercd/CC/TD/doc/product/access/acs_soft/csacsapp/CSA

  PP33/install/admap.htm#wp1058379

  That should fix it.

  Kind regards

  Jagdeep

• Authenticate on ACS with external database

  Hello

  Is it possible to connect to the ACS page with an external database?

  I want to connect to the ACS admin with an external account page.

  Thank you

  Not yet. I also wish that they will apply.

  HTH

• ACS SE several databases Windows

  Hello

  is it possible to have several databases of windows on a SE of GBA? The problem is that we need to access two areas of differentiation, which are not approved and have no great area.

  Thanks a lot and best regards

  Dominic

  Hello

  We would require both approval of external/transitive way between the two domains.

  There are 2 ways to work around the problem:

  1. install an another ACS to the remote site/domain and route all the

  applications for users of the remote domain to the ACS.

  2 configure the partner domain as LDAP on GBA (Corp. website), this should not require domain trust. The only problem that we will have some authentication methods is not supported when using ldap.

  Here is the complete list of stuff that is supported by LDAP:

  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/Overvw.html#wp824733

  Hope that helps!

  Kind regards

  ~ JG

  Note the useful messages

• Replication of database 2

  Hi all
  
  Who is best to use in a replication, Golden Gate, or streams?
  
  
  Thank you very much
  
  zxy

  then you can go for 'GOLDEN GATE' easy to install

• Replication of database in production mode

  Hi all
  
  I explored a lot, but again, I'm not sure which method to adopt for * replicate the database server so that transactional traffic and have reported the two can be diverted to two different servers, reporting uses procedures that deal with the data in temporary tables and then the report is out to find
  
  Thanks in advance
  
  Piyush

  Physical Dataguard is read-only.
  Active Dataguard is read-only.

  Dataguard logic can be read-write.

• ACS 3.2 (2) Build 5 replication problem

  Hi all

  There are two ACS servers, sits inside an ASA 5510 at Headquarters and the other is inside an ASA 5510 on the hot site.

  These 5510 s ASA have been developed to replace two 515Es PIX and the claim is that since the ASAs went replication has stopped working. Of course, it makes no sense to me because there is communication between the ACS server and the firewall is down not anything whenever "replicate now" is issued.

  Unfortunately, I dunno much about ACS then is there something I can look for to help troubelshoot it ACS newspapers say

  WARNING cannot replicate to '4' Server - server does not

  That doesn't help us much, this is a way to get more detailed info journal which could indicate a problem? Thank you.

  Hello

  ACS uses the port TCP/2000 for replication. This port is also used by the skinny Protocol, making the port used by the ACS replication process.

  Fails replication of the ACS from the primary to the secondary, primary school reported that he cannot contact the secondary, and secondary shows any replication of the primary activity.

  A firewall between the two servers, ACS is configured to inspect the skinny Protocol, which uses the same port (TCP/2000) that the ACS replication process.

  If you do not have a call manager behind your firewall, please disable

  Skinny inspect if it is enabled.

  #Under overall policy, take the skinny inspection out of the inspection_default #class.

  don't inspect skinny

  You need to do this on both sides.

  HTH

  JK

  Please evaluate the useful messages-

• ACS appliance 4.2 - database replication internal problem

  HelloW

  I'm yunchoul jung in Korea

  now I'm setting up ACS unit 1113 ver4.2

  in internal, primary and secondary database replication server ACS cannot repliacate the database due to the configuration of SELF (127.0.0.1) by default in the configuration of the network.

  so I have a guestion, how do I replace 127.0.0.1 address to the ip address you want or delete SELF (127.0.0.1) address

  I don't understand a procedure of solution in the documentation below.

  Thank you for your help in advance

  Problem: 127.0.0.1 is a reserved address

  You have two units of the ACS SE 1113 and replicate the database internal from the primary to the secondary.

  but you notice this error message in the secondary unit:

  Replication of database of ACS denied - incompatibility of secret shared incoming

  When you try to change the key of course AAA under Network Configuration Server error message is

  returned.

  This is due to a known bug,

  Symptom: 127.0.0.1 address appears in ACS and the replication fails

  Conditions:

  Install Acs S/W version 4.2.0.124

  Disable the network adapter

  Enable network card

  * Go to the network settings page.

  * Should see the AA server IP to be a return loop

  Workaround solution:

  For windows: remove the 127.0.0.1 entry

  For the device: back up the database, install ACS on windows, restore, delete

  the entry, make a backup and restore on the device

  http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?caller=pluginredirector&method=fetchBugDetails&bugId=CSCso39795

  Kind regards

  ~ JG

  Note the useful messages

• Is ACS 4.2 - possible to change the port of replication?

  Hello

  try to find out if she some tweek to change the port of TCP/2000 ACS replication to something else.

  I know that it is possible to make a different map policy or not to inspect the skinny Protocol in order to avoid the conflict, but not the solution I'm looking for. I was wondering if anyone knows of a different way to change the port of 4.2 ACS replication.

  Hello

  What is the version of the CSA, you run?

  If you then run ACS 4.2.1.15

  Problem : ========= ACS replication port re-configuration. Resolution : ============ Please follow the following steps: 1.       Interface configuration > Advanced Options > Check the checkbox ACS Communication Port Configuration. 2.       System Configuration > service control > Configure the Port to be used for the ACS Internal Communication (choose any port between 2010 to 2025)
  
  Regards,
  
  Anisha
  P.S.: please mark this thread as resolved if you think your query is answered.