ACS appliance upgrade: 3, 0000-11 to 5.0
We are running 2 ACS 1110 (?) devices with version 3, 0000-11 code. They are due to be upgraded to 2 new 1120 ACS ACS 5.0 devices. I looked around Cisco.com but can't find a guide step by step to such a way of upgrading.
My questions are:
- ACS 5.0 support direct upgrade to 3.3.3? By that I mean, is - it possible to take a backup of the old device file and restore it to the new?
- If not, what are the intermediate steps? I have to take the file from backup and restore to an intermediate version of ACS?
Thank you!
--
Wei
Hi Wei,
No, it does not support direct upgrade to 5.x. You need to upgrade to 4.1 or 4.2 and 5.1. I would say to work with TAC to get all the software needed to get the DB up to the version required for migration to 5.x.
Data can also be migrated.
Kind regards
~ JG
Note the useful messages
Tags: Cisco Security
Similar Questions
-
1113 ACS SE upgrade 4.0.1.44 to 4.1.1.24 not
Hello
I am looking for some assistance, we have a v4.0.1.44 running Cisco ACS 1113 SE and try to update to v.4.2.0.124 following the instructions to upgrade to v4.1.1.24 first.
We use the following CD
"ACS SE overall upgrade CD ACS 3.3.4 and 4,1,1,24 implemented at level"
We can download the 4.1.1.24 image of the ACS system via the distribution server, but the upgrade fails us got out following console when the attempt to upgrade has been tried;
Upgrade package has not been verified.
Apply this package to upgrade may corrupt the device
Continue at your own risk!
Continue? -y (yes), n (no) y
Installation of Cisco Secure ACS Version: 4.1.1.24
The upgrade... Upgrade process successfully launched
Try to install ACS version 4.1 on software version 4.0.1.44
Impossible to install Acs version 4.1 with software version 4.0.1.44
GBA version 4.1 required software version 4.0.1.44
First install the correct version of the software of the device
Failed to upgrade to Cisco Secure ACS to 4.1.1.24
Currently, our unit of ACS is the following:
Cisco Secure ACS 4.0.1.44
ACS - 4.0.144 - EnablePassword -CSCsh32888 fix (patch: 4.0.1.44 Thursday, November 22, 2007 19:51:37.95)
The 4.0.1.44 application management software
Base Unit 4.0.1.2 image
CSA build 4.0.1.543.2 (Patch: 4_0_1_543)
That would welcome suggestions.
Concerning
Jim.
Hello Jim
The upgrade package consists of 2 - files that is the management software and ACS software. You must first upgrade management and then continue the ACS software.
The instructions are attached. I would like to know how it works.
Thank you
Nelson
-
Hi gurus,
I have a GBA version 2.3 for NT Server 4.0 server.
Now, we want to spend to WIN 2 K Server. Can we just buy the upgrade one. Which one? The upgrade package works for NT.4 too?
Thank you very much
HATO
Hi Juli,
ACS 2.5 is compatible to borth NT as a server win 2 k.
-
Cisco ACS appliance takes long to start after initial config
Hello
I'll put up 2 ACS (1113 HW, SW 4.1) devices. After the initial configuration (IP address, admin pass etc.) and reboot, the devices do not seem to start or close the login prompt (even after a start of the night).
What could be the problem with the device or my patience?
Hello
If you get something like from console windows,
Then, make sure that you use less than 15 characters without spaces unit name.
Kind regards
Prem
-
Connection attempts to ACS appliance - where to find?
Our security team has detected the failure of authentication for multiple users on our unit of ACS. Usually, I try to failed attempts handled by the AEC for other systems that use for authentication RADIUS or GANYMEDE. Where GBA 5.4 find logs for users trying to actually connect to the device?
TIA,
Lee
Date of arrival:
Monitoring and reports
> Reports
> Catalog
> Body of CSA
> ACS administrator connections
-
ACS appliance fails to recognize an installed certificate
When I install a certificate from CA - Windows Server, following the procedure of "Wired Dot1x version 1.05 Config guide" (Document ID 64068) and the 'Guide user to ACS,' I have the following problem. If I want to change the "overall authentication settings', I get the warning"could not initialize the PEAP or EAP - TLS authentication protocol because the certificate authority is not installed. Install the certification authority using the ACS Certification Authority Setup page".
But if I check "install Certificate", it is said that the certificate is installed correctly and it is also added to the "Configuration page of the authority.
I already found the following in the as 4.1.4 release notes: "turn off the Security agent, reinstall the certificate in accordance with the procedure and then re - activate the security officer.
I did it but I still have the same error, even if the security officer is disabled (I checked it in the console with the command 'show' and the CSA is off).
Can someone help me how to recognize the installed certificate?
P.S. I also see 2 devices in the AAA-server list:
-ACS01 (the name I gave him in the initial configuration). This one has an IP address of the DHCP server, even if I said NOT to use a DHCP server, but a static IP!
-Self: this one has the static IP I configured via the console...
I can't remove one of the AAA servers. Is it normal that there are 2 servers?
Bert,
It seems that the certification authority that you have installed is damaged or poorly installed. I want do you is remove the certicate CA by using the MMC on windows in ACS and then reinstall it.
You, too, need to install the certificate authority root in ACS. You can install the certificate authority root in System Configuration-> ACS certificate of installation-> ACS certificate authority installation.
Also incase you use Verisign cert, you install VeriSign intermediate CA certificates.
https://www.VeriSign.com/support/VeriSign-intermediate-CA/index.html
Kind regards
~ JG
-
I have a new ACS 5.6 machine I want to save periodically. I went to the Administration of the system--> backups scheduled and configured two backups
one to a local repository and the other on a TFTP server on the network
For the TFTP server protocol I specified the folder on the server uses to the TFTP root (/ ACS) and provided a password for encryption.
It is, it doesn't seem to work, and I don't see that anything is reports indicating if the system has attempted to save, if there is a failure, or why. I do not see an error about incremental backup of the purges without being configured, but that seems to be something different
is there anything else I need to do?
Instead, I would try an FTP or SFTP server. TFTP does not play well with larger files. If you do not already have an FTP/SFTP server you can try one of the free ones out there just to test and confirm. FreeFTPD is a free and very easy to use:
Thank you for evaluating useful messages!
-
ACS Appliance Agent remote problem
Hello
We have depending you on the situation:
-2 x ACS SE
-2 x ACS Agents on member servers remotely
-2 x ASA
We would like to authenticate the VPN users connecting to the ASA via the ACS and active directory.
I have configured the remote agent following this link:
But we are not able to pick up groups active directory to the AEC gui--> user external database > database group mappings > Active Directory > new Configuration.
On the domain controller, we get the error ID 1030 and 1058, someone had these problems too?
Thanks in advance and best regards
Dominic
Most likely, this is a Permission problem. What OS and SP you use.
Have you tried to run the remote agent by using the LOCAL account instead of the service account that you created?
Kind regards
~ JG
Note the useful messages
-
ACS appliance 4.2 - database replication internal problem
HelloW
I'm yunchoul jung in Korea
now I'm setting up ACS unit 1113 ver4.2
in internal, primary and secondary database replication server ACS cannot repliacate the database due to the configuration of SELF (127.0.0.1) by default in the configuration of the network.
so I have a guestion, how do I replace 127.0.0.1 address to the ip address you want or delete SELF (127.0.0.1) address
I don't understand a procedure of solution in the documentation below.
Thank you for your help in advance
Problem: 127.0.0.1 is a reserved address
You have two units of the ACS SE 1113 and replicate the database internal from the primary to the secondary.
but you notice this error message in the secondary unit:
Replication of database of ACS
denied - incompatibility of secret shared incoming When you try to change the key of course AAA under Network Configuration Server error message is
returned.
This is due to a known bug,
Symptom: 127.0.0.1 address appears in ACS and the replication fails
Conditions:
Install Acs S/W version 4.2.0.124
Disable the network adapter
Enable network card
* Go to the network settings page.
* Should see the AA server IP to be a return loop
Workaround solution:
For windows: remove the 127.0.0.1 entry
For the device: back up the database, install ACS on windows, restore, delete
the entry, make a backup and restore on the device
Kind regards
~ JG
Note the useful messages
-
ACS appliance multiple use of interface
Is it possible for me to use both interfaces are available in the 1113 box? I want to connect these two interfaces to two separate network segments. I did find something specific in the Cosole except the fixed ip that would be only an interface unique config.
Thank you
You can use only one.
Your system of 1113 Cisco integrated 10/100/1000 megabits - per second (Mbps) Ethernet connectors. ACS SE takes care of the operation of an Ethernet connector, but not the two connectors.
For more check here
-
Hi team,
I have 2 camera which I am not able to remove a group of network devices home device.
When I try to remove the device after error is thrown
Impossible to edit INMUM-VPE-T1-3rdFloor-3750-S... Reason: The host no longer exists.
Running on Version: Cisco Secure ACS4.2.0.124
One would come in all of these issues. someone knows the solution.
Concerning
Vineeth
Hi Vineeth
Yes, you can do through GUI.
The GUI:
1 ACS gui > network configuration > click on 'Search', then click 'Search' again.
2. complete list of all network devices. On top, you will see an option "Download".
Download the complete file.
Let me know if it helps.
Thank you
Nelson Saha
-
Upgrade to Cisco acs 1120 to 4.2.1.15 help
Hi all
I downgrade of cisco device 1120 DCC acs 4.2.0.124 5.0, I need to upgrade to acs 4.2.1.15. Is device 1120 cisco acs supports 4.2.1.15, how do I upgrade 4.2.0.124 4.2.1.15.
There are any server distribution for the upgrade. Please suggest on this, thank you
Yes, you can upgrade it to 4.2.1.15 and you can download the version from the link below listed;
http://Tools.Cisco.com/Squish/d4e4A
Here are the files you need to download:
ACSse-Upgrade-Pkg-acs-v4.2.1.15-K9.zip
ACSse-Upgrade-Pkg-appl-mng-v4.2.1.15-K9.zip
: Note apply the upgrade of management first and then software update. ..
Distribution server is a machine where you can download the patch on the Cisco Secure ACS Appliance, so if you download the version on your laptop and download then only one distributor (nothing special)
Upgrade an application of 4.2.1.15
I hope this helps.
Rgds, jousset
Note the useful posts ~
-
ACS 3.2 on Win2k - upgrade from the replicated SACRED path
Hi all
I have 2 servers ACS 3.2 I want to upgrade to 4.2.1 the latest version before 5, as I understand.
My question is about replication. Should I stop the replication of database and upgrade servers separately or not? Can I put the servers as replication of database is configured? If so, is there a specific order of upgrade?
Thank you
Jose
Here the user guide.
"All of the SACRED that is involved in replication must run the same version of the ACS software. For example, if the primary ACS is running ACS version 3.2, all secondary ACSS should run ACS version 3.2. Because patches can introduce significant changes to the internal database of GBA, we strongly recommend that ACSS involved in replication use the same patch level. »
So, I suggest to turn off replication before upgrade. After all of the ACS are upgraded to the same version, you can enable replication again.
-
5.6 ACS authentication problem
We are in the process of upgrading our ACS 4.1 for a 5.6 ACS appliance.
The unit is installed on the network, etc. correctly licensed.
I joined the ACS server to the AD domain without problem. I created a few local and external (AD) users for testing.
I created a network (switch catalyst) as a Ganymede client device + and specified single-connect.
When I SSH into the switch, I can connect using my AD user name and password, but I can't go into enable mode. It says "authentication failure".
My aaa settings are
radius-server host 172.25.50.8
RADIUS-server timeout 3
RADIUS-server application made
radius-server keyMiss me something somewhere, I don't know where. If I try and download the bundle to support ACS, it says download, but does not say where (or how).
any advice would be great. I'm new to this product.
See the document: http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-6/migration/guide/migration_guide/Migration_support.html#pgfId-1014889
-
ACS issues update 4.2 to 4.2.1
I have been instructed to upgrade our four ACS servers of
4.2.1.15 to the latest version. ACS servers are
the applianced basis. I went through the software download page
from cisco.com and we found this file:
cumulative (ACS SE 4.2.1.15.11 app/Acs_4.2.1.15.11.zip
patch).
Can anyone confirm if it is the download of the file more later/better
the latest version 4.2 of material according to Cisco Secure ACS?
For those who have upgraded to the latest version, you can
Comment on your experience with the process of upgrading or
ACS performance after upgrade? Any questions/warnings on the
process or performance after upgrade?
Thanks in advance for any useful information that you can
predict this?
Adil
I don't see installation step by step of the fix documented somewhere because the same by applying the upgrade and simple too. Here are the steps you need to perform.
1. download the zip file patch for any PC which we will call the server upgrade or the distribution server.
2 unzip the patch
3. run autorun.bat (you will see a window ACS appliance update and it remains in the background.
You will also see an another IE window lauch which you gives a place to put the host name or IP address of the device)
4. Enter the name of host or IP address of the device and click on install.
5. This will bring to the opening window of session for the ACS unit.
6 log in to the TAS
7. click on System Configuration
8. click on upgrade the device status
9. click on download
10 enter the upgrade server IP address, then click on connect
11. you will see the patch you are trying to install. Click Download now
12. click on download it again.
13. click on apply the update
14. click on the upgrade again.
15. click on Yes
16. click on Yes.
17 click done.
18. on the upgrade server, click 'stop the Distribution Server '.
In order to stop csagent, go to system configuration > configuration of the device (I think)
P.S. Please open a TAC case if you are not comfortable in the application of the hotfix.
~ BR
Jatin kone* Does the rate of useful messages *.
Maybe you are looking for
-
Button ThinkPad 8 Windows has stopped working
All of a sudden the Windows button has stopped working (no haptic feedback). The Tablet works otherwise, I can always power on it by the power button / stop. Unfortunately, the button power seems to be fragile and probably collapses when it is used o
-
How can I order a calendar with information for different countries
In the past, I was able to create a calendar and then order different versions of information for different countries. I can't find this option now. It has been deleted? If this is not the case, how can I do?
-
NOR-DAQmx: nicrtsiu.dll not an Image Windows validates when you use DAQmx features
Hi all... I had the problem using nor-daqmx in Labview... When not to use Ni-DAQmx, I have not had any problems using it So, try to use one of the NI Daqmx works. She appeared a message "The application or DLL C:\WINDOWS\system32\nicrtsiu.dll is not
-
This is first time trying to send attachments (if that's what I'm supposed to do with the scanned documents) digitized images and documents. I started an email and click on the attachments, but?
-
Pavilion m7567c: no hp 7567
So just an update I tried to see what has increased, and when I click on the "speaker" icon it happens "no output device is installed" any help would be greatly appreciated. Thank you