ACS Appliance backup

I have a new ACS 5.6 machine I want to save periodically. I went to the Administration of the system--> backups scheduled and configured two backups

one to a local repository and the other on a TFTP server on the network

For the TFTP server protocol I specified the folder on the server uses to the TFTP root (/ ACS) and provided a password for encryption.

It is, it doesn't seem to work, and I don't see that anything is reports indicating if the system has attempted to save, if there is a failure, or why. I do not see an error about incremental backup of the purges without being configured, but that seems to be something different

is there anything else I need to do?

Instead, I would try an FTP or SFTP server. TFTP does not play well with larger files. If you do not already have an FTP/SFTP server you can try one of the free ones out there just to test and confirm. FreeFTPD is a free and very easy to use:

http://www.FreeSSHd.com/

Thank you for evaluating useful messages!

Tags: Cisco Security

Similar Questions

ACS appliance upgrade: 3, 0000-11 to 5.0

We are running 2 ACS 1110 (?) devices with version 3, 0000-11 code. They are due to be upgraded to 2 new 1120 ACS ACS 5.0 devices. I looked around Cisco.com but can't find a guide step by step to such a way of upgrading.

My questions are:
1. ACS 5.0 support direct upgrade to 3.3.3? By that I mean, is - it possible to take a backup of the old device file and restore it to the new?
2. If not, what are the intermediate steps? I have to take the file from backup and restore to an intermediate version of ACS?
Thank you!

--

Wei

Hi Wei,

No, it does not support direct upgrade to 5.x. You need to upgrade to 4.1 or 4.2 and 5.1. I would say to work with TAC to get all the software needed to get the DB up to the version required for migration to 5.x.

Data can also be migrated.

Kind regards

~ JG

Note the useful messages

ACS appliance 4.2 - database replication internal problem

HelloW

I'm yunchoul jung in Korea

now I'm setting up ACS unit 1113 ver4.2

in internal, primary and secondary database replication server ACS cannot repliacate the database due to the configuration of SELF (127.0.0.1) by default in the configuration of the network.

so I have a guestion, how do I replace 127.0.0.1 address to the ip address you want or delete SELF (127.0.0.1) address

I don't understand a procedure of solution in the documentation below.

Thank you for your help in advance

Problem: 127.0.0.1 is a reserved address

You have two units of the ACS SE 1113 and replicate the database internal from the primary to the secondary.

but you notice this error message in the secondary unit:

Replication of database of ACS denied - incompatibility of secret shared incoming

When you try to change the key of course AAA under Network Configuration Server error message is

returned.

This is due to a known bug,

Symptom: 127.0.0.1 address appears in ACS and the replication fails

Conditions:

Install Acs S/W version 4.2.0.124

Disable the network adapter

Enable network card

* Go to the network settings page.

* Should see the AA server IP to be a return loop

Workaround solution:

For windows: remove the 127.0.0.1 entry

For the device: back up the database, install ACS on windows, restore, delete

the entry, make a backup and restore on the device

http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?caller=pluginredirector&method=fetchBugDetails&bugId=CSCso39795

Kind regards

~ JG

Note the useful messages

ACS SE backup private key

How to back up the private key of the ACS SE. I have the public key certified by a commercial CA already and you don't want to waste money spent in the purchase of the certificate. Reason I want because I'm getting following error on the console and backup services have stopped.

"Before called API initialized to H:\ismg_israel_acs\Acs\EndPoint\Core\endpoint.c.

pp:394 ".

===============

Cisco Secure ACS: 4.1.4.13

The application management software: 4.1.4.13

Base Unit image: 4.1.1.4

CSA build 4.0.1.543.2: (Patch: 4_0_1_543)

==========

CSAdmin - arrested

CSAuth - arrested

CSDbSync - arrested

Case - stop

CSMon - from

CSRadius - from

CSTacacs - shut down

===================

Can I use the backup feature? It also backs up the private key?

Maury,

Unfortunately, there is no way to export just the private key and the certificate.

which can be re-imported in the ACS. There was a request in this regard

feature to allow the export of private keys and certificates for the purposes of backup. Is the bug ID: CSCed14965.

http://www.Cisco.com/cgi-bin/support/Bugtool/onebug.pl?BugID=CSCed14965

However, what you can do, is make a backup of the database. This will save the registry

that includes the certificate and the private key. Then, you can restore this backup file

on a new machine and choose to restore the part of the System Configuration. This will restore

the certificate and the private key in the certificate of the CSA page.

Hope that helps

Kind regards

~ JG

Note the useful messages

Cisco ACS appliance takes long to start after initial config

Hello

I'll put up 2 ACS (1113 HW, SW 4.1) devices. After the initial configuration (IP address, admin pass etc.) and reboot, the devices do not seem to start or close the login prompt (even after a start of the night).

What could be the problem with the device or my patience?

Hello

If you get something like from console windows,

Then, make sure that you use less than 15 characters without spaces unit name.

Kind regards

Prem

Connection attempts to ACS appliance - where to find?

Our security team has detected the failure of authentication for multiple users on our unit of ACS. Usually, I try to failed attempts handled by the AEC for other systems that use for authentication RADIUS or GANYMEDE. Where GBA 5.4 find logs for users trying to actually connect to the device?

TIA,

Lee

Date of arrival:

Monitoring and reports

> Reports

> Catalog

> Body of CSA

> ACS administrator connections

ACS appliance fails to recognize an installed certificate

When I install a certificate from CA - Windows Server, following the procedure of "Wired Dot1x version 1.05 Config guide" (Document ID 64068) and the 'Guide user to ACS,' I have the following problem. If I want to change the "overall authentication settings', I get the warning"could not initialize the PEAP or EAP - TLS authentication protocol because the certificate authority is not installed. Install the certification authority using the ACS Certification Authority Setup page".

But if I check "install Certificate", it is said that the certificate is installed correctly and it is also added to the "Configuration page of the authority.

I already found the following in the as 4.1.4 release notes: "turn off the Security agent, reinstall the certificate in accordance with the procedure and then re - activate the security officer.

I did it but I still have the same error, even if the security officer is disabled (I checked it in the console with the command 'show' and the CSA is off).

Can someone help me how to recognize the installed certificate?

P.S. I also see 2 devices in the AAA-server list:

-ACS01 (the name I gave him in the initial configuration). This one has an IP address of the DHCP server, even if I said NOT to use a DHCP server, but a static IP!

-Self: this one has the static IP I configured via the console...

I can't remove one of the AAA servers. Is it normal that there are 2 servers?

Bert,

It seems that the certification authority that you have installed is damaged or poorly installed. I want do you is remove the certicate CA by using the MMC on windows in ACS and then reinstall it.

You, too, need to install the certificate authority root in ACS. You can install the certificate authority root in System Configuration-> ACS certificate of installation-> ACS certificate authority installation.

Also incase you use Verisign cert, you install VeriSign intermediate CA certificates.

https://www.VeriSign.com/support/VeriSign-intermediate-CA/index.html

Kind regards

~ JG

ACS Appliance Agent remote problem

Hello

We have depending you on the situation:

-2 x ACS SE

-2 x ACS Agents on member servers remotely

-2 x ASA

We would like to authenticate the VPN users connecting to the ASA via the ACS and active directory.

I have configured the remote agent following this link:

http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/3.3/installation/guide/remote_agent/Rawi.html#wp289426

But we are not able to pick up groups active directory to the AEC gui--> user external database > database group mappings > Active Directory > new Configuration.

On the domain controller, we get the error ID 1030 and 1058, someone had these problems too?

Thanks in advance and best regards

Dominic

Most likely, this is a Permission problem. What OS and SP you use.

Have you tried to run the remote agent by using the LOCAL account instead of the service account that you created?

Kind regards

~ JG

Note the useful messages

ACS appliance multiple use of interface

Is it possible for me to use both interfaces are available in the 1113 box? I want to connect these two interfaces to two separate network segments. I did find something specific in the Cosole except the fixed ip that would be only an interface unique config.

Thank you

You can use only one.

Your system of 1113 Cisco integrated 10/100/1000 megabits - per second (Mbps) Ethernet connectors. ACS SE takes care of the operation of an Ethernet connector, but not the two connectors.

For more check here

http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.1/installation/guide/solution_engine/ovrvuap.html#wp1054065

Cisco Secure ACS appliance - impossible to edit... Reason: The host no longer exists.

Hi team,

I have 2 camera which I am not able to remove a group of network devices home device.

When I try to remove the device after error is thrown

Impossible to edit INMUM-VPE-T1-3rdFloor-3750-S... Reason: The host no longer exists.

Running on Version: Cisco Secure ACS4.2.0.124

One would come in all of these issues. someone knows the solution.

Concerning

Vineeth

Hi Vineeth

Yes, you can do through GUI.

The GUI:

1 ACS gui > network configuration > click on 'Search', then click 'Search' again.

2. complete list of all network devices. On top, you will see an option "Download".

Download the complete file.

Let me know if it helps.

Thank you

Nelson Saha

ACS 5.3.0.40 backup failed to complete on request.

Hello

I have GBA 5.3.0.40 secondary primary authenticators, who stopped the scheduled backup.

When enabled the:

Configuration of the analysis > Operation system > Data management > Removal and backup

> Incremental, it had changed to OFF mode. without any reason.

The same thing was also observed earlier.

I did the

Incremental backup on IT and offers the

See Backup complete now. But he was not successful and reported an error:

FullBackupOnDemand-Job incremental backup utility system Fri 28 Dec 11:56:57 IST 2012 Incremental Backup Failed: CARS_APP_BACKUP_FAILED:-404: backup error impossible Application

Later, I made the stop/start "view-jobmanager" acs and launched the full backup of the application, but no luck, same error reported this time too.

At the a side to such type of /problem of error reported, please let me know the solution.

Thank you best regards &.

Can run the next command in the CLI to see the specific failure of cause:

SH logging application acs | include backup

Restoration of a Cisco ACS Windows 3.3 to a problem of acs 3.3 applicance

Hello

I have now built an ACS appliance and trying to restore the current configuration and the database on the windows machine. When I run the restoration on the GBA unit, it says it restores but does it again an hour later. Then when I reboot the box, I get a connection message invalid admin and need to reset it using the cd.

Everyone comes through this?

How to solve it?

See you soon

KeV

Kevin,

Has he any security set to windows backup, that is to say 'allow all IP addresses' to connect to the Admin user?

If you try from another computer you same message?

~ JG

Migration of ACS of the device to windows server

Hello

Is it possible to migrate the ACS 4.2 device to microsoft server 2003?

has tried it before?

R/g

There is no problem to migrate from the device of the CSA to ACS for windows.

If you wish to do this, it is best that your ACS for window running the same version of the code in form of ACS appliance.

You can do a backup on device ACS and restore it on ACS for windows.

ACS 5.2 design issues

Is it possible to have my managed network ACS Appliance (CSACS-1121-K9) 5.2 as primary and an ACS Server 5.2 VMWare (CSACS - 5.2 - VM - K9) as secondary? I have problems with basic license?

Otherwise if I plan to run servers ACS 5.2 VMWare are my primary and secondary. Should I buy 1 or 2 VMWare Software (s) (CSACS - 5.2 - VM - K9)?

We currently have a device of 4.2 ACS on a platform of 1113, is there any option for ACS 5.2 upgrade device or ACS 5.2 VMWare Server? The ordering Guide indicates that he's upgraded options like, CSACS-1121-UP-K9 & CSACS-5.2 - VM-UP-K9 to upgrade from previous versions. But the Migration Document, said that the ACS4.x device must be restored to a windows ACS4.x server before migration and backup. This does not seem like an easy migration. Is there another solution?

http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.2/migration/guide/Migration_support.html#wp1016086

Is the new ISE product better for AAA / GANYMEDE + or I should have a separate ACS for AAA?

Thanks in advance.

Jenny,

Here's the answer to your questions:

Is it possible to have my managed network ACS Appliance (CSACS-1121-K9) 5.2 as primary and an ACS Server 5.2 VMWare (CSACS - 5.2 - VM - K9) as secondary?

Yes

I have problems with basic license?

NO.

Otherwise if I plan to run servers ACS 5.2 VMWare are my primary and secondary. Should I buy 1 or 2 VMWare Software (s) (CSACS - 5.2 - VM - K9)?

This is just sku which included another license that you purchase. You don't buy the software from us, license only. You can download more likey the software from cisco website.

We currently have a device of 4.2 ACS on a platform of 1113, is there any option for ACS 5.2 upgrade device or ACS 5.2 VMWare Server?

You answered your question on this one, there are an involved migration process that converts your old base of 4.2 to 5.2, take into account the fact that migration migrates only the hard parts such as: groups of network devices, internal users, ldap database configurations, network devices, sets of shell commands, to name a few. You will need to reconfigure the authorization policies since acs 5.2 takes on a different model of acs 4.x.

But the Migration Document, said that the ACS4.x device must be restored to a windows ACS4.x server before migration and backup. This does not seem like an easy migration. Is there another solution?

This isn't a bad solution, all you have to do is to deploy another server windows just to run acs for windows on, and then you use vnc to walk through the migration process. You will need to open a folder of tac for a person to publish the installation files and patches to put you on the same version.

Is the new ISE product better for AAA / GANYMEDE + or I should have a separate ACS for AAA?

ISE is a new product that migrates only 5.x databases. Right now ISE 1.0 not Ganymede support.

Cisco Secure ACS 3.3 (1)-> 4.0 upgrade problems (1)

Hi all!

I have problems updating my primary ACS since version 3.3-> 4.0

I always get the following error message, then it does the upgrade:

"The record of the CiscoSecure ACS seems to be blocked by another application: C:\Program Files\CiscoSecure ACS v3.3.

Please close all applications... blabla... »

The thing is, I have improved my ACS backup first, and this upgrade worked like a charm.

In both cases, both for the primary and backup I do a takeover with Dameware remote, copied the ACS 4 folder on the hard disk of the server and make the upgrade of this folder.

As I said, the upgrade of backup server worked without a hitch.

That's what I tried:

1. I checked that NO application use the 3.3 ACS file and no Explorer window is open on this folder or subfolders.

I checked using a small program called Filemon.exe from Sysinternals. According to this program, anything accessed said folder.

I also checked it again by renaming actually ACS 3.3 file once I stop all services of the ACS. I could not rename the folder if the services have been started.

2. I tried to stop the ACS services first and then make the configuration, got the same error.

3. I have disabled the antivirus software, got the same error.

Basically I am at my wits end now...

However, I have two options:

1. uninstall ACS 3.3, do a clean install of ACS 4.0 and import the data of all the GBA backup.

Who would not raise by the primary association with the ACS configuration backup? So I think I will need to go on it later and make changes, if necessary?

2 make a backup of the ACS 3.3 with csutil b

Uninstall ACS 3.3, do a clean install of ACS 4.0 and import all the data with csutil - r

Would this work? I've seen conflicting information here in this forum, some say that it works, the other say it's not.

I'm a little confused why it worked so well the GBA backup but fails on the primary ACS.

Any help would be greatly appreciated!

Thank you!

Ivar Thorolfsson

Hello

Folder lock message often appears if newspapers located in the directory of the ACS are too big.

Move the logs of the following directories: -.

CSAdmin\Logs

CSAuth\Logs

CSDBSync\Logs

CSLog\Logs

CSMon\Logs

CSRadius\Logs

CSTacacs\Logs

Newspapers

Then try to upgrade.

Kind regards

Vivek

ACS Appliance backup

Similar Questions

Maybe you are looking for