ACS 5.0 Patches

Hi all

are there patches available for the ACS 5.0 system 90-day eval?

I am to evaluate ACS on vmware platform.

The patch 5-0-0-21-6.tar.tar doesn't seem to be a valid file to do so.

The Readme a .gpg file but the patch that I downloaded is a .tar gall and it is impossible to unpack it.

I renamed the file and it worked for me: rename it from .tar.tar to .tar.gpg. The issue I had was that file .6 was not working; .5 installed very well.

Tags: Cisco Security

Similar Questions

  • ACS 5.2 patch 5-2-0-26 - 2.tar.gpg

    Hi all

    Has anyone successfully installed patch 5-2-0-26-2.tar.gpg on ACS 5.2? After downloading the patch from my TFTP repository I got the error message:

    acs patch install 5-2-0-26-2.tar.gpg repository tftp
    chmod: cannot access `*.sh': No such file or directory
    Patch not valid 5-2-0-26-2.tar.gpg'-missing install.sh
    % Error: failed to open / validate the patch

    I tried to download the patch from Cisco's web site twice with the same result. I also tried patch 5-2-0-26-1.tar.gpg, which does not work either. There seems to be no error on the TFTP server side (I use 3CDaemon).

    Thank you very much for your answer.

    Yours sincerely,

    Zdenek Rottenberg

    Yes, I installed Update Rollup 2 without error, but I'm not using TFTP; I use FTP with anonymous. Have you tried to download the file with a TFTP client? Is this the first time you use TFTP with ACS?

  • Cisco ACS 5.3 patch 8 /opt volume

    Hello

    We currently have 12 ACS units, one of them being a dedicated log collector. We have 802.1x authentication configured for network ports and Wi-Fi. We are authenticating desktops, laptops, smart phones, etc. on our network.

    The problem we have is the /opt volume exceeding the 30% volume size recommended by Cisco TAC after a few months. We have recently added more resources on our network (merger). We now reach the 30% size in about 1 month.

    In the past, we called Cisco TAC when we had performance problems with the Log Collector. At that time it was also authenticating 802.1x clients. We have since added a new device as a dedicated Log Collector. They would check the /opt volume and find that it was at about 70% usage. They would launch the Root Console patch, delete the DB and then re-create it. We did this about 2 times before starting to monitor the size of the /opt volume.

    This last time, we reached 30% of the volume size more rapidly than we had previously. I got Cisco TAC to delete the /opt volume and recreate it.

    Cisco TAC recommended that we reduce the amount of logs that are sent to the log collector. We are currently investigating this option.

    The questions I have are:

    At what percentage of the /opt volume size should we be concerned before it starts impacting the performance of the Log Collector?

    Is there another thing we can do to reduce the amount of logs that are sent to the Log Collector?

    We have data purge set to 30 days. We do full and incremental database backups. We also send local logs to a Syslog server.

    We are testing changes to send only AAA Audit and System Statistics logs to the Log Collector.

    Thank you

    In a distributed deployment, it's recommended to set up a secondary server dedicated as a log collector. However, you have a large deployment, so I'm sure the authentication rate would be high, causing the View database size to keep increasing.

    In order to avoid running out of disk space, we need to manage it. This means identifying the files that are created and written by processes on the system, allocating a space budget to them such that if the files remain within their budget all the services can be supported without interruption, then defining and implementing the necessary facilities to keep these files within their budget.

    There are two mechanisms to reduce this size and prevent it from exceeding the maximum limit.

    1. Purge: with this mechanism the data will be purged based on the configured data retention period or upon reaching the upper limit of the database. In Patch 6 a new option is provided to purge on demand as well.

    2. Compress: this mechanism frees up unused space in the database without deleting any records. Previously the compress option could only be performed manually. In ACS 5.3 Patch 6 there are improvements so it will automatically run every day at a preset time, when specific criteria are met.

    At what percentage of the /opt volume size should we be concerned before it starts impacting the performance of the Log Collector?

    The TAC recommendations are right. You will be able to use all the ACS functions if /opt is less than 30%.

    Is there another thing we can do to reduce the amount of logs that are sent to the Log Collector?

    It seems that you use most of the features/mechanisms to keep /opt low. However, you may be interested to read more about the data purging and data compression improvements: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/release/notes/acs_54_rn.html

    - Please use System Administration > Configuration > Log Configuration > Logging Categories > Global to configure only the logs required to be sent to the ACS View log collector.

    - Provide a fresh screenshot of the page Monitoring Configuration > System Operations > Data Management > Removal and Backup.

    - With the command listed below you can check the actual and physical database size:

    acs-config

    Username: acsadmin

    Password: *.

    acsview show-dbsize

    There are some known defects on the same subject. However, the version you use improves the database management process.

    CSCto47203: ACS 5 runs out of disk space

    CSCua51804: View backup fails even when there is disk space

    Jatin kone

    - Do rate helpful posts -

  • ACS v5.3 patch problem 5-3-0-40-2

    I have a v5.3 ACS server running at patch level 5.3.0.40.1. I am trying to apply the 5.3.0.40.2 patch and it fails with the following error:

    AMTVACS01/admin# acs patch install 5-3-0-40-2.tar.gpg repository ACS5PATCHES

    /opt/CSCOacs/Mgmt/CLI/bin/patch-wrapper.sh: line 129: cd: 5-3-0-40-2: not a directory

    mv: `/opt/CSCOacs/patches/5-3-0-40-2.tar.gpg' and `./5-3-0-40-2.tar.gpg' are the same file

    Patch ACS installation requires a reboot of the ACS services. Continue?  (yes/no) Yes

    Cannot install '5-3-0-40-2' - please open the patch using 'validate' first

    I checked the log of the FTP server that hosts the ACS5PATCHES repository, and I see the file being read by the ACS server. I confirmed that the server is currently running patch level 5.3.0.40.1. I have looked for answers to this problem, including establishing a new repo, but nothing has solved the problem.

    Does anyone have a solution?

    Rename the file on the FTP server to something like 5-3-0-40-2N.tar.gpg, and then try again.

    Kind regards

    Jousset

    - Do rate helpful posts -

  • Problems with patching: ACS 5.0 to 5.1 upgrade

    I'm following the instructions to upgrade ACS 5.0 to 5.1

    But I can't get past the first step:

    Step 1 Install the ACS 5.0 patch:

    Issue the following acs patch command in EXEC mode to install the ACS patch:

    acs patch install patch-name.tar.gpg repository repository-name

    Here is my result:

    /admin# acs patch install 5-0-0-21-9.tar.gpg repository mytftp
    chmod: cannot access `*.sh': No such file or directory
    Error: Could not open the patch 5-0-0-21-9.tar.gpg

    It downloads the patch via TFTP OK, but cannot install it.

    Can anyone help?

    Thank you

    There are problems in 5.0 with using tftp for file transfers that exceed 32 MB. There may be problems with the ftp servers that exceed this limit.

    I recommend using an alternative repository type, for example FTP or a local repository on the server.

  • Question 5.1 Patch 4 ACS

    OK, maybe a stupid question... when I download the patch from the Cisco site, it indicates that it is a .GPG file; however, once the download completes it appears as a .TAR.TAR file... am I supposed to rename it? Or am I meant to unzip it somehow? Every unpack utility I try says that the file contains no archives or is incomplete or corrupted!

    If there is a document that details how to install patches, could someone please post the link?

    Hi Paul,

    It is a browser problem. You must rename the file with the extension .gpg (the original name of the patch file) for a successful installation of the patch later. In other words, the installation will fail if you leave the patch name with the .tar.tar extension.

    As for your question on how to install the patch, it's in the Readme of the patch; you would see a link to the "Readme for ACS" when downloading the patch file itself. Here is the link to the Readme for the 5.1.0.44.4 update rollup. Click this link to open the readme file before you click on the "Go ahead with Download" button to download the patch file.

    Here is the Readme for ACS 5.1 patch 4.

    http://www.Cisco.com/Web/software/282766937/28141/ACS-5-1-0-44-4-Readme...

    Kind regards

    Cam.
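
The two failure modes discussed in the threads above (the browser saving the patch as .tar.tar, and TFTP transfers over 32 MB leaving an unusable patch), as an added pre-flight check; this is example code, not Cisco's or any poster's. The function name check_patch_file, the repository-type argument and the optional SHA-512 argument are assumptions; the 32 MB threshold is the figure given in the answer above.

```shell
#!/bin/sh
# Added example: sanity-check a downloaded ACS patch file before running
# "acs patch install". All names here are hypothetical, chosen for illustration.

# Threshold from the forum answer: TFTP transfers above 32 MB are a problem on ACS 5.0.
TFTP_LIMIT_BYTES=$((32 * 1024 * 1024))

# check_patch_file FILE REPO_TYPE [EXPECTED_SHA512]
#   FILE             path to the downloaded patch
#   REPO_TYPE        tftp | ftp | local (how ACS will fetch the file)
#   EXPECTED_SHA512  optional checksum obtained from a trusted source
# Prints one finding per line; returns 0 when nothing was found, 1 otherwise.
check_patch_file() {
    file=$1
    repo=$2
    expected=${3:-}
    rc=0

    [ -f "$file" ] || { echo "MISSING: $file does not exist"; return 1; }

    # Browsers may save the .tar.gpg download as .tar.tar; the install fails on that name.
    case "$file" in
        *.tar.gpg) ;;
        *.tar.tar) echo "RENAME: rename to ${file%.tar.tar}.tar.gpg"; rc=1 ;;
        *)         echo "NAME: expected a .tar.gpg file name"; rc=1 ;;
    esac

    # A file over the limit fetched through a TFTP repository can arrive incomplete.
    size=$(wc -c < "$file" | tr -d ' ')
    if [ "$repo" = "tftp" ] && [ "$size" -gt "$TFTP_LIMIT_BYTES" ]; then
        echo "TFTP: $size bytes exceeds 32 MB; use an ftp or local repository"
        rc=1
    fi

    # Integrity: a truncated or tampered download will not match the expected hash.
    if [ -n "$expected" ]; then
        actual=$(sha512sum "$file" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "HASH: SHA-512 mismatch; download the file again"
            rc=1
        fi
    fi

    return $rc
}

# Run directly as: sh check_patch.sh FILE REPO_TYPE [EXPECTED_SHA512]
if [ "$#" -ge 2 ]; then
    check_patch_file "$@"
fi
```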

  • ACS server patching

    Hi all

    I have a server running ACS v4.1. It is a Windows Server 2003 R2 Standard Edition Service Pack 2. I'm currently applying Microsoft vulnerability patches to it. Is it going to impact ACS? Has anyone installed Microsoft patches and had problems after that?

    Thank you very much

    As a general rule, patches do not cause any problems. But the problem may be in case you run acs on an unsupported platform.

    For example, if your server is running on multiple processors (ACS supports multiple processors, software ver 4.1.4).

    Check the release notes for software compatibility.

    Kind regards

    ~ JG

    Do rate helpful posts

  • apply the patch for acs unit

    I was wondering if someone can help me to update my ACS appliance with patch 4.1.1.23.4 - SW. It's simple to apply it on a normal 2000 server. The ACS appliance, as I understand it, is different because we can access through normal terminal, keyboard and mouse.

    Somewhere I read that a Tomcat server is necessary?

    Help, please

    ADI

    Hello

    ACS v4.1.1.23 patch 5 is available, so go for this new patch.

    You should have a PC that can access the ACS through the web interface. Keep the patch file on the PC.

    Follow the steps below on the PC:

    [1] Extract the zipped file.

    [2] Get the "autorun.exe" file and double-click it.

    [3] It will start a Tomcat server on your desktop and you'll see a web page asking for the ACS SE IP:

    Provide the ACS SE IP and press "Install".

    [4] It will ask for the ACS admin username and password as shown below:

    Specify the user name and the password and log in.

    [5] Then it will bring up the ACS GUI; then go to

    System Configuration > Appliance Upgrade Status > Download.

    Then we'll get a screen where it will ask for the IP address of the server to install from:

    Provide the IP address of the system where we apply this patch, in our case our desktop's IP address, and then click on Connect.

    [6] It will show us the next screen:

    Click on "Download now".

    Then it will show us this screen:

    Press "Refresh" until we see the following screen:

    [7] Now press "Apply the update". It will then ask for confirmation:

    Press "Update"; then we'll get information about the patch.

    Click on "Yes".

    It'll take a few minutes to apply this patch on the appliance.

    Then it will show us a confirmation message:

    Press "Done"; then the system will restart.

    To confirm that the patch has been applied successfully, go to

    System Configuration > Appliance Upgrade Status

    After all is done, stop the Tomcat server by clicking on "Stop Distribution Server", or

    if you want to apply this patch on one more appliance, click on "Install Next".

    I hope this helps.

    ~ Rohit

  • Impossible to browse Active Directory to an ACS 5.1

    Hello

    We joined our ACS 5.1 to our Active Directory 2003. The system seems properly attached: on the ACS we see connectivity status "joined", and if we try the test button we get "connection succeeded". In the AD tool, we notice that a computer account has been created for our ACS.

    We wanted to create the directory groups, but the browse tool is empty and no query gives any output.

    The ACS is joined, but we are not able to browse Active Directory.

    Any suggestions as to what could be the problem?

    Thank you.

    It is an issue, of course, due to the defect mentioned below.

    CSCtf39158 - failed to retrieve ad groups in a single forest with multiple trees scenarios

    You must apply the Patch 3 for this problem

    file name: 5-1-0-44-3

    Download of: CEC / Support / download http://www.cisco.com/public/sw-center/index.shtml

    Letter: Security / identity management / Cisco Secure Access Control System / Cisco Secure Access Control System 5.1 / 5.1.0.44

    ##Steps to create the repository.

    From ACS CLI mode:

    Create a repository (it's basically an FTP server definition)
    AAA/admin(config)# repository FTP   ---> (can be any name)
    AAA/admin(config-Repository)# url ftp://<ftp-server>/
    AAA/admin(config-Repository)# user <username> password plain <password>

    ===============================
    Steps to install the ACS 5.1 patch:
    ===============================

    Issue the following acs patch command in EXEC mode to install the ACS patch:

    acs patch install patch-name.tar.gpg repository repository-name

    Rgds.

    JK

    - Do rate helpful posts -

  • TACACS+ auth-proxy on ACS 5.0 and later: supported?

    The NAS is a 2801 with IOS 15.1 and ACS 5.3. I want to deploy auth-proxy using the TACACS+ protocol, but it does not work. Using RADIUS is OK.

    I want to know: is TACACS+ auth-proxy supported on ACS 5.0 and later?

    Thank you!

    TACACS+ Auth-Proxy is only supported after ACS 5.3 patch 5. Upgrade your ACS 5.x or use RADIUS for Authentication Proxy.

  • ACS 5.2 Directory groups are not displayed, I can't selec

    Hello

    I have ACS 5.2 on VMware.

    Directory groups are not displayed, I can't select them.
    Please, it is very urgent; your help will be invaluable to me.

    ACS 5.2 is joined to AD but users cannot authenticate.

    Can someone help me?

    Which patch are you running on ACS 5.2? There is a known problem with group retrieval. Check the latest ACS 5.2 patch to solve this problem.

    CSCtl23615    Failed to retrieve AD Group info. Centrify library error

    Symptom:
    Unable to retrieve AD groups and attributes AD

    Conditions:
    ACS is attached to an AD 2008R2 domain. When trying to retrieve the AD groups or attributes, the operation fails with a Centrify library error.

    Workaround solution:
    None

    Integration with Active directory by the ACS:

    http://www.Cisco.com/c/en/us/support/docs/security/secure-access-control...

    Kind regards

    Jatin kone

    * Do rate helpful posts *

  • ACS 5.4 AD join strange issue

    Hello

    We have two ACS boxes with the same version of software (5.4.0.46.0a). We have been able to join only one ACS to the domain, and the other ACS gives the attached error.

    When we ran "main-acs-01/admin# acs troubleshooting adcheck", it gave the same errors for both boxes; however, one ACS successfully joined the domain and the other failed.

    principal-acs-01 / admin # acs troubleshooting adcheck<>

    This command is only for advanced troubleshooting and could suffer a lot of network traffic

    Do you want to continue?  (yes/no) Yes

    OSCHK: Check that it is operating system: pass

    PATCH: Patch Linux check: pass

    PERL: Check that perl is present and is a good version: pass

    SAMBA: Inspection of the installation of Samba: pass

    SPACECHK: Check if there is enough space in/var/usr/tmp: pass

    HOSTNAME: Check the hostname parameter: pass

    NSHOSTS: Check the hosts line in /etc/nsswitch.conf: pass

    DNSPROBE: Probe Server DNS 172.24.1.1: pass

    DNSPROBE: Probe Server DNS 172.24.1.2: pass

    DNSCHECK: Analyze the health of DNS servers database: pass

    WHATSSH: Is it a SSH DirectControl works perfectly with: pass

    SSH: SSHD version and configuration: Note

    : You are running OpenSSH_5.3p1, CiscoSSL 0.9.8r.1.3.

    DOMNAME: Check that the domain name is reasonable: pass

    ADDC: Search for domain controllers in the DNS: pass

    ADDNS: Search DNS DC xxxx.                      : Pass

    ADPORT: Scan of Port DC xxxx.                       : Pass

    ADDNS: Search DNS DC xxxx.                     : Pass

    ADPORT: Scan of Port DC xxxx.                      : Pass

    ADDNS: Search DNS DC xxxx.                      : Failed

    : Could not resolve the IP address of xxxx.hmc.org.qa.

    ADDNS: Search DNS DC xxxx.                      : Pass

    ADPORT: Scan of Port DC xxxx.                       : Pass

    ADDNS: Search DNS DC xxxx.                   : Pass

    ADPORT: Scan of Port DC xxxx.                    : Pass

    ADDNS: Search DNS DC xxxx.                     : Pass

    ADPORT: Scan of Port DC xxxx.                      : Warning

    : One or several ports did not respond correctly. Either:

    (: a) the domain controller is offline

    (: b) a firewall prevents access to a port

    : The following is a list of ports has failed:

    : ldap 389/udp - timeout

    : 445/tcp smb - denied

    : ldap 389/tcp - denied

    ADDNS: Search DNS DC xxxx.                        : Pass

    ADPORT: Scan of Port DC xxxx.                         : Pass

    ADDNS: Search DNS DC xxxx.                        : Pass

    ADPORT: Scan of Port DC xxxx.                         : Pass

    ADDNS: Search DNS DC xxxx.                           : Pass

    ADPORT: Scan of Port DC xxxx.                            : Pass

    ADDNS: Search DNS DC xxxx.                    : Pass

    ADPORT: Scan of Port DC xxxx.                     : Pass

    ADDNS: Search DNS DC xxxx.                      : Pass

    GCPORT: Port scan of GC xxxx.                       : Pass

    ADDNS: Search DNS DC xxxx.                     : Pass

    GCPORT: Port scan of GC xxxx.                      : Pass

    ADDNS: Search DNS DC xxxx.                      : Failed

    : Could not resolve the IP address of airportdc1. .

    ADDNS: Search DNS DC xxxx.                      : Pass

    GCPORT: Port scan of GC xxxx.                       : Pass

    ADDNS: Search DNS DC xxxx.                   : Pass

    GCPORT: Port scan of GC xxxx.                    : Pass

    ADDNS: Search DNS DC xxxx.                     : Pass

    GCPORT: Port scan of GC xxxx. : WARNING

    : One or several ports did not respond correctly. Either:

    (: a) the GC is offline now

    (: b) a firewall prevents access to a port

    : The following is a list of ports has failed:

    : gc 3268/tcp - denied

    ADDNS: Search DNS DC xxxx.                        : Pass

    GCPORT: Port scan of GC xxxx.                         : Pass

    ADDNS: Search DNS DC xxxx.                        : Pass

    GCPORT: Port scan of GC xxxx.                         : Pass

    ADDNS: Search DNS DC xxxx.                           : Pass

    GCPORT: Scan of Port GC xxxx : pass

    ADDNS: Search DNS DC xxxx.                    : Pass

    GCPORT: Port scan of GC xxxx.                     : Pass

    ADGC: Check Global catalog servers: pass

    DCUP: Search for operational controllers : pass

    SITEUP: Check DCs for in our site: pass

    DNSSYM: Check the symmetry of DNS server: pass

    ADSITE: Verify that the subnet of this machine is in a site known as AD: pass

    GSITE: See if we think it is the correct site: pass

    TIME: Synchronization of clocks Check: pass

    2 serious issues have been encountered during the audit. These must be fixed before proceeding

    2 warnings were encountered during the audit. We recommend that you check these before proceeding

    principal-acs-01 / admin #.

    Has anyone faced this problem before? I would be grateful if someone can tell me how to solve it.

    It is a known issue with ACS 5.3. However, we had this problem in ACS 5.3 patch 7 and ACS 5.4.

    Since you're on ACS 5.4, it should not trigger.

    CSCtx53223    After update 5.3 ACS fail to join the domain AD - lack of license Centrify

    Symptom:

    After the upgrade from 5.2 to 5.3, ACS is unable to join the domain. AD connection worked for several days, until the services have been restarted. After this, ACS is unable to join AD with the following in ACSADAgent.log error message:

    Jan 20 02:36:32 CBR1BACS01 Bordes [6814]: DEBUGGING cli.adjoin Join to area is permitted only with a licensed copy of DirectControl. Obtain a license or learn more about Centrify following http://www.centrify.com/express

    Jan 20 02:36:32 CBR1BACS01 Bordes [6814]: DEBUGGING cli.adjoin without a permit, you can connect to a domain via Auto Zone by specifying Bordes w Test.Test

    Conditions:

    Move from 5.2 to 5.3. Restart the services thereafter.

    Workaround solution:

    Back up the ACS DB and reimage the box to 5.3

    How did you upgrade to ACS 5.4?

    1.] Upgraded from 5.3 to 5.4 using the upgrade package.

    2.] Reimaged with the ACS 5.4 ISO and restored the ACS 5.3 database.

    I suggest you pursue this with TAC. [Most likely you must reimage the server and restore the database if you had gone with option 1.]

    ~ BR
    Jatin kone

    * Do rate helpful posts *

  • Cisco ACS 4.2 internal error

    Good evening. I have a problem with ACS 4.2 and AD: on authentication on the PC I get an internal error. In RDS.log, I have this line:

    Error authentication UDB_NT_UNKNOWN_ERR (DOMAIN)------(USERNAME) - no response sent to the NAS

    I already checked for physical layer problems; dot1x is configured on the switch and the CiscoSecure remote agent is installed.

    Hello

    Does the Auth.log file also show "Windows authentication FAILED (error 6L)" for the same RDS timestamps and failures?

    Also, what version of ACS (including the patch) are you using? Are you authenticating against Windows Server 2003, 2008 or 2008 R2 AD?

    NOTE: Remember that 2008 R2 AD is not supported by any 4.x version of ACS.

    Also, make sure that you have complied with the following requirements:

    http://www.Cisco.com/en/us/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/Rawi.html#wp311476

    Check which apply to you, as there are two options: Windows Member Server or Windows Domain Controller.

    Kind regards.

  • Does Cisco ACS version 5.1.0.44.3 integrate with Microsoft Windows 2012 Active Directory server?

    Does Cisco ACS version 5.1.0.44.3 integrate with Microsoft Windows 2012 R2 Active Directory server?

    Unfortunately, it does not support 2012 R2.

    5.1 ACS supports all editions of:

    Windows Active Directory (AD) 2000

    Windows AD 2003

    Windows AD 2003 R2

    Windows AD 2008

    Source

    Windows AD 2012 R2 is supported after ACS 5.5 patch 1 and following.

    Source

    Please find below the steps to go from 5.1 to 5.5 hotfix 1:

    STEP | FILE | COMMAND
    Apply the 5.1 patch 6 | 5-1-0-44-6.tar.gpg | acs patch install 5-1-0-44-6.tar.gpg repository ftp_repository_name
    Apply 5.3 | ACS_5.3.0.40.tar.gz | application upgrade ACS_5.3.0.40.tar.gz ftp_repository_name
    Apply the 5.3 patch 8 | 5-3-0-40-8.tar.gpg | acs patch install 5-3-0-40-8.tar.gpg repository ftp_repository_name
    Apply the point patch | Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg | acs patch install Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg repository ftp_repository_name
    Apply 5.5 | ACS_5.5.0.46.tar.gz | application upgrade ACS_5.5.0.46.tar.gz ftp_repository_name
    Apply the 5.5 patch 1 | 5-5-0-46-1.tar.gpg | acs patch install 5-5-0-46-1.tar.gpg repository ftp_repository_name

    Best regards ~ jousset

  • Custom services in ACS5 to support the Nokia/Checkpoint Firewall

    Hi all

    In my old ACS 4.1 installation I customized TACACS+ services to support our Nokia firewall (Checkpoint now). Currently, I have a chance to add this custom service to ACS5.

    Does anyone know if this feature is on the roadmap, and when it will be available?

    Regards

    Dirk

    Yes. It is also possible to use custom services. However, there is a bug related to authentication with custom services that will be fixed in the next update for ACS 5.1 (patch 2). It is: CSCte16911

    Authorization of services works OK
