[ACS 5.2] Upgrade to ACS 5.4
Hello
We got 2 Cisco ACS 5.2.0.26.10.
Main server as authentication server and collector of newspaper
Secondary server as authentication server. The replication is configured.
I read the following guide: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/installation/guide/csacs_upg.html#wp1194934
"There are a few exceptions to this typical configuration, you can manage as described below:
If the primary Server 5.3 ACS also works as a newspaper collector in your deployment 5.3, you should promote one of the secondary servers in the first server in the deployment. See the promotion of a secondary to the primary server .
This exception is combined with my case. I promote my secondary server as primary.
I would have:
Secondary server as authentication server and collector of newspaper
Main server as authentication server
Now, I think I have to cancel the registration of secondary to the main server...
According to the guide, I upgrade the server of the newspaper collector.
"Step 1: select a secondary server to become a newspaper collector:
I don't have another secondary server...
What should I do now? (upgrade secondary/log Server? backend upgrade?...)
This guide assumes that I have 1 primary and 2 secondary...
I don't know what steps to follow...
Thanks for your help,
Patrick
You have an open requestes TAC and so you will get their orientation
Wil share still some general clarifiactions that I'm aware of when ranging from 5.2 to 5.4 ACS ACS
For the first step in the upgrade process, you want to upgrade the collector's journal since will the configuration data and M & T.
(1) if the ACS 5.2 log collector is a seconday should just remove from the deployment to make independent and then upgrade the server to be ACS 5.4. He will start the new ACS 5.4 main server (this is temporary and gets rectified at the end of the whole process)
(2) if the collector's journal is primary GBA 5.2 then promote a difference then collector journal is now secondary and can follow step 1)
At this point have a server on CSA 5.4 and rest on ACS 5.2. Can now begin to spend the rest of 5.2 to 5.4 ACS ACS servers (as guide says: "enter the secondary server for GBA 5.4 primary server '-c' is the main temporary server as described in step 1)
Once all servers are migrated then can select "primary long-term." as opposed to a temporary
this writing I see that it is hard to explain. Am sure that TAC will do better
Tags: Cisco Security
Similar Questions
-
upgrade ACS 5.3 5.4 fails
Hello
I try ACS 5.3.0.40 update to the new version 5.4.0.46. Everything looks ok:
ACS-machine / acsadmin # application upgrade ACS_5.4.0.46.tar.gz rep01
You want to save the current configuration? (yes/no) [Yes]?
Building configuration...
Save the configuration running at startup
Application of % CARS installation required post installation reboot...
Broadcast from root (pts/0) message (Thu Dec 6 23:36:41 2012):
The system is down for reboot NOW!
Successful application update
But the ACS (vmware instance) machine cannot be started with this result: Volume group 'smosvg' not found. (see attachment for details)
Any ideas?
--
Martin
Have you installed patch 8 on the 5.3.0.40 before moving to 5.4?
Maybe you run in CSCuc93106...
Edit:
Ehhmm... unlikely.
-
Hello.
I would like to upgrade our current ACS NT Terminalserver edition server to a Win2000 server. Since this upgrade requires a fresh installation (since a direct upgrade from NT 4 TS to w2k is not the best thing to do). My question is, do I have to do to ensure that I can keep my user database active? Is replication the answer? And replication will make a copy of all the different users/groups/routers etc etc. In other words, I'll be able to do this upgrade without too much trouble?
I speak here of a replication of the database, do not configure replication between servers ACS.
Here is the doc that will help you to do this
http://www.Cisco.com/univercd/CC/TD/doc/product/access/acs_soft/csacs4nt/csnt30/user/AE.htm
-
ACS 5.6.0.22.3 to 5.7.0.15.1 Server upgrade
Hi all
Can I upgrade my 5.6.0.22.3 to 5.7.0.15.1 ACS servers without applying the 5.6.0.22.4 patch?
Thank you.
Hey Pratik,
It is always advisable to upgrade to the latest patch before moving on to the next version.
Therefore, it would be advisable to install the patch 4 and then go to 5.7.
Kind regards
Aditya
Please evaluate the useful messages.
-
ACS 5.3 to 5.6 upgrade procedure
Can someone tell me how to upgrade ACS from 5.3 to 5.6. We need to install the patches available, or we can do it directly.
Help, please!
Kind regards
David
Hello Santosh,
Please see the Upgrade Guide.
http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_contro...
Let me know if you have any other doubts.
Kind regards
JAI Ganesh K
-
ACS 3.3 to 4.0 upgrade problems
Guys,
I have a Cisco ACS 3.3 running on a win2k platform server and I need to upgrade to ACS4.0 on win2k.
-3.3 backup and restoring files on web interface 4.0 does not work;
-the same operation using csutils.exe works not (csutil b [...], then csutil - r [...])
-J' installed the new machine with ACS3.3, I imported the data/group/user with csutil, then I installed ACS 4.0 using setup.exe. The result is that the ACS services will not start
Anyone know what I need to do?
Thank you
Rob
Hi Antonio,.
-3.3 backup and restoring files on web interface 4.0 do not work.
* It won't work, because in ACS we can back up and restore the database among same versions only of the ACS, also applies to replication.
-the same operation using csutils.exe works not (csutil b [...], then csutil - r [...])
* Answer will be the same as above.
-J' installed the new machine with ACS3.3, I imported the data/group/user with csutil, then I installed ACS 4.0 using setup.exe. The result is that the ACS services do not start.
* Normal this is if you hit a bug, that when we try to upgrade a database of ACS 3.3 (x) xx of ACS 4.0 build we have leak customer spaces AAA and/or servers writing AAA in databaae, and that can cause a problem. But we cannot not be hitting this bug.
How to upgrade:
[1] make sure we follow the path correct upgradation and supported:
http://www.Cisco.com/univercd/CC/TD/doc/product/access/acs_soft/csacs4nt/ACS40/rnwin401.htm#wp37488
[2] then follow following steps upgrade:
Summarizing link above, just run installation of ACS 4.0 on an existing installation of ACS 3.3, and the installation program will ask itself, to save the previous configuration, select Yes at this time.
Let me know if it helps. Please rate if this helps.
Kind regards
Rafael Lanna
-
Cisco Secure ACS 3.3 (1)->; 4.0 upgrade problems (1)
Hi all!
I have problems updating my primary ACS since version 3.3-> 4.0
I always get the following error message, then it does the upgrade:
"The record of the CiscoSecure ACS seems to be blocked by another application: C:\Program Files\CiscoSecure ACS v3.3.
Please close all applications... blabla... »
The thing is, I have improved my ACS backup first, and this upgrade worked like a charm.
In both cases, both for the primary and backup I do a takeover with Dameware remote, copied the ACS 4 folder on the hard disk of the server and make the upgrade of this folder.
As I said, the upgrade of backup server worked without a hitch.
That's what I tried:
1. I checked that NO application use the 3.3 ACS file and no Explorer window is open on this folder or subfolders.
I checked using a small program called Filemon.exe from Sysinternals. According to this program, anything accessed said folder.
I also checked it again by renaming actually ACS 3.3 file once I stop all services of the ACS. I could not rename the folder if the services have been started.
2. I tried to stop the ACS services first and then make the configuration, got the same error.
3. I have disabled the antivirus software, got the same error.
Basically I am at my wits end now...
However, I have two options:
1. uninstall ACS 3.3, do a clean install of ACS 4.0 and import the data of all the GBA backup.
Who would not raise by the primary association with the ACS configuration backup? So I think I will need to go on it later and make changes, if necessary?
2 make a backup of the ACS 3.3 with csutil b
Uninstall ACS 3.3, do a clean install of ACS 4.0 and import all the data with csutil - r
Would this work? I've seen conflicting information here in this forum, some say that it works, the other say it's not.
I'm a little confused why it worked so well the GBA backup but fails on the primary ACS.
Any help would be greatly appreciated!
Thank you!
Ivar Thorolfsson
Hello
Folder lock message often appears if newspapers located in the directory of the ACS are too big.
Move the logs of the following directories: -.
CSAdmin\Logs
CSAuth\Logs
CSDBSync\Logs
CSLog\Logs
CSMon\Logs
CSRadius\Logs
CSTacacs\Logs
Newspapers
Then try to upgrade.
Kind regards
Vivek
-
Greetings,
By opting for the ACS 3.2, all my settings and the securities will remain the same? If this isn't the case, I have a router connected to the server and I will get locked. I heard there is a specific order for the removal of the lines to avoid of locking me. Is this true?
Thank you
You will need to select the option "Yes, import the existing configuration", while improving the ACS software. Information on the upgrade of Cisco ACS software Preserving Configuration found in the documentation to
http://www.Cisco.com/univercd/CC/TD/doc/product/access/acs_soft/csacs4nt/ACS32/win32sig.htm#9934
-
No report of Directors GANYMEDE + after upgrading to 4.1 ACS
Hello
I was running ACS 4.0 demo version. Everything worked very well.
After the upgrade, and keep the old configuration, I can't see logs in the reports of the directors of GANYMEDE. I kept the configurations of the router and get the same thing, so I think that the problem lies in the ACS software.
I tested a few debug, and it seems that the router sends the command that is typed to the ACS.
Here is the config I have? m using:
AAA new-model
GANYMEDE-Server 192.168.X.X XXXXXXXXXXX host key
AAA authentication telnet connection group Ganymede + activate
enable console AAA authentication login
the AAA authentication enable default group Ganymede + activate
AAA accounting send stop-record an authentication failure
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 1 by default start-stop Ganymede group.
orders accounting AAA 15 by default start-stop Ganymede group.
AAA accounting arrhythmic telnet connection group Ganymede +.
Line con 0
exec authorization no.-AUTH
console login authentication
line vty 0 4
exec authorization AUTH
authentication telnet connection
AUTH AAA authorization exec group Ganymede + none
AAA authorization config-commands
No.-AUTH AAA authorization exec no
AAA authorization commands 0 default group Ganymede + none
1 default AAA authorization commands group Ganymede + none
default 15 AAA authorization commands group Ganymede + none
Hello
It is a known issue, you must apply the hotfix ACS 4.1.1.23.5 to solve the problem.
Patch for the unit is available on
http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-Soleng-3DES
The patch name: ACS SE 4.1.1.23.5 rollup
Patch for windows acs is available on
http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-win-3DES
The patch name: ACS 4.1.1.23.5 rollup
That should solve the problem
Kind regards
Jagdeep
Note: If this answers your question, then please mark this thread as solved, so that others can benefit from.
-
Upgrading from 3.2 to 4.1 ACS ACS self.
I'm going to upgrade our system ACS ACS ACS 4.1 3.2 device. Our current ACS is a system Dell Windows 2000 server runs on both systems. I have a few questions.
1. is there a problem to move from a stand-alone system of 3.2 (?) to a 4.1 device? I am aware that I need first put to 3.3.
2. anyone who has tried to rename the new acs devices that same name and IP address as the previous devices? Have you experienced any problems?
3 is tehre any lessons learned? We're going to try to clean up the database as much as possible.
4. about how many time does the upgrade take? I mean, it was 2 or 3 hours?
Thank you
Dwane
Hi Sylvie,.
(1) No there is no problem of migration of windows of GBA GBA unit.
(2) Yes, you can keep the same name and IP address of the device of the CSA that you had it on the windows of the acs.
(3) just, make sure that you have a backup fom acs windows 3.2, just to be on the safe side, incase something goes wrong.
(4) on an average no more then 30 minutes.
Hope that helps!
Kind regards
~ JG
-
1. cisco ACS /Solution Engine, according to me, the dedicated device, unknown version)
2 cisco Security Manager 3.1
Are updates possible, or buy the latest version of the product is the only way out?
What do we need for the upgrade?
Are there specific codes or new need to buy new products?
In case of purchase of new products, which are the configurations?
Your response will be appreciated.
The GBA unit has been released with at least three different major versions - 3.x, 4.x and 5.x. If you have ACS 4.2 on a device of 1120, you can proceed to the last (5.3) on the same hardware. Anything else will be require a new device (or use a VM solution).
Please see guide to orders and the migration guide for this information.
For the CSM, to upgrade you would need to go to 3.3. First, then to the current version of CSM (4.2). The necessary licenses are described in this product bulletin.
It would probably be easier and more own just build a new facility in both cases. Architecture products both db schema have changed significantly. The SKU upgrade probably will save in licensing fees, even though the two products have undergone changes in how they are allowed.
Note that CSM will come out with a new version 4.3 more later this spring.
-
ACS 4.2 to 5.3/4 upgrade
All,
We will be upgrading our device ACS of a GBA running 1113 4.2 for a 3415 running ACS 5.3/4. From what I read, I will need to build a machine from migration. How this migration machine is set up?
Dave Draper
Migration from ACS 4.x to 5.4
Machine migration for the ACS 4.x will be a windows server, when you run the Migration utility.
NOTE: The Migrator does not support remote desktop connection. You must run the Migration utility on the migration machine or use VNC to connect the machine to the migration.
Jatin kone
-Does the rate of useful messages- -
Hello
We have an existing ACS running 4.1.4.13 and bought a new device running 4.1.1.23. I understand that for replicate that they must be the same version. Can someone please clarify 4.1.1.23 upgrade path? What I have to ask the TAC software or is it here -http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des ?
TIA
Some downloads/upgrades software Cisco requires additional access / valid Service contract. Using this contract would you give access to most of the tools and to encrypted software.
To learn more about the Cisco service contract to choose from the following options:
(a) contact your Cisco team account if you have a Direct purchase agreement.
(b) contact a Cisco partner or reseller to purchase a service contract:
http://Tools.Cisco.com/WWChannels/LOCATR/JSP/partner_locator.jsp
(c) use the Profile Manager to update your Cisco.com profile and request the association of the service agreement:
http://Tools.Cisco.com/RPF/profile/edit_entitlement.do?tab=3
(d) you can also contact your Cisco representative or Manager of Cisco accounts for more details
Cisco provides a warranty period, where you can get the software. However to gain access to the software, you need to contact TAC by using the following link http://tools.cisco.com/ServiceRequestTool/create/launch.do for further assistance. They would be able to help you the best.
-
How to apply for ACS 5.5 Upgrade License
We bought the license to upgrade ACS 5.5 (R-CSACS-55VMUP-K9 =). I read below the steps of the migration of 4.x to 5.5, I have found anywhere you need a licence. Is it really necessary?
In fact I intend to reconfigure all about ACS 5.5 from scratch. Can I use the license? or to buy a standard license to download GBA 5.5?
Since we have already purchased the upgrade license, can I 'pretend' to migrate an ACS 4.x and wipe it and redo the configuration, just to use the Upgrade License?
What is the best approach to get the job of license with decent cost?
Thank you
5.5 Cisco secure access control system migration guide
Using the Migration utility to migrate data to ACS 4.x for ACS 5.5http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_contro...
Hello Hujian. The "migration license" is the same as that of "standard". The only difference is that you put on it, since you already have ACS 4.x. If you were buying ACS 5.x today and you have not previously ACS then you would have been ineligible for migration license.
That being said, there isn't really a direct from 4.x to 5.x migration since the whole system has been rewritten. For example, as you know 4.x ran on Windows and did not require not a vs 5.x license runs on Linux and does not require a license. You can use the utility 'migration' to help you migrate some of the configurations but it does not migrate everything. I personally never liked to use it and always what you plan to do is build the new server from scratch :)
I hope this helps!
Thank you for evaluating useful messages!
-
Upgrade to 5.4 ACS and license
Hello Forum team!
We are in the process of upgrading to 4.2 ACS ACS 5.4 (virtual machine). The license file is migrated or a new upgrade license is required for the new platform?
Thank you for your support.
Kind regards
Hi there-
Before 5 ACS, no license key file / was necessary. Therefore, you will need to get one from Cisco when migrating over to 5.x and ask that it is generated for you.
For more information, take a look at this:
Thank you for evaluating useful messages!
-
Hello
I upgraded Cisco ACS 4.1 to 4.2, I device Cisco Access Control 1113, as soon as I upgraded I get error in newspapers failed
"Authentic session expired: challenge not supplied by the customer ', what is wring with that? Plesae help me
Thank you
I would really appriciate if mark you this topic as resolved so that the other can take advantage out of it.
Kind regards
Jousset
Maybe you are looking for
-
How to turn on when it is not automatically translate?
How turn on when it is not automatically enabled to translate? Visited a blog (RSS feeds) that did not Translate function.
-
Intel HD need display driver for my Satellite A660
I recently tried to use Windows Movie Maker, but get error message to say installed the driver Intel HD is blocked. (version 8.15.10.2014). When I try and update through the update Intel tells me can not be updated as manufacturer of operation has se
-
Skype is missing from the ringer option
Hi, I'm trying to understand what the problem with my Skype. The week last Skype has stopped playing sounds when I received incoming calls. All other sounds work always. The call can always be connected. All right, but it's a huge problem for me beca
-
reinstalled windows xp on dimension B110 need drivers to connect to internet
I recently reinstalled windows xp on dimension B110, but now I need drivers to connect to internet I can record on a disc and download on the computer is it possible? Could if so someone possibly post a link here for it so that I can get my poor comp
-
several vertical black lines trying to copy using automatic power HP Officejet Pro 8600 N911a
30 - 40 randomly spaced verical lines length of page when you try to copy using automatic feeder