ACS appliance upgrade: 3, 0000-11 to 5.0

Similar Questions

• 1113 ACS SE upgrade 4.0.1.44 to 4.1.1.24 not

  Hello

  I am looking for some assistance, we have a v4.0.1.44 running Cisco ACS 1113 SE and try to update to v.4.2.0.124 following the instructions to upgrade to v4.1.1.24 first.

  We use the following CD

  "ACS SE overall upgrade CD ACS 3.3.4 and 4,1,1,24 implemented at level"

  We can download the 4.1.1.24 image of the ACS system via the distribution server, but the upgrade fails us got out following console when the attempt to upgrade has been tried;

  Upgrade package has not been verified.

  Apply this package to upgrade may corrupt the device

  Continue at your own risk!

  Continue? -y (yes), n (no) y

  Installation of Cisco Secure ACS Version: 4.1.1.24

  The upgrade... Upgrade process successfully launched

  Try to install ACS version 4.1 on software version 4.0.1.44

  Impossible to install Acs version 4.1 with software version 4.0.1.44

  GBA version 4.1 required software version 4.0.1.44

  First install the correct version of the software of the device

  Failed to upgrade to Cisco Secure ACS to 4.1.1.24

  Currently, our unit of ACS is the following:

  Cisco Secure ACS 4.0.1.44

  ACS - 4.0.144 - EnablePassword -CSCsh32888 fix (patch: 4.0.1.44 Thursday, November 22, 2007 19:51:37.95)

  The 4.0.1.44 application management software

  Base Unit 4.0.1.2 image

  CSA build 4.0.1.543.2 (Patch: 4_0_1_543)

  That would welcome suggestions.

  Concerning

  Jim.

  Hello Jim

  The upgrade package consists of 2 - files that is the management software and ACS software. You must first upgrade management and then continue the ACS software.

  The instructions are attached. I would like to know how it works.

  Thank you

  Nelson

• ACS HELP upgrade

  Hi gurus,

  I have a GBA version 2.3 for NT Server 4.0 server.

  Now, we want to spend to WIN 2 K Server. Can we just buy the upgrade one. Which one? The upgrade package works for NT.4 too?

  Thank you very much

  HATO

  Hi Juli,

  ACS 2.5 is compatible to borth NT as a server win 2 k.

• Cisco ACS appliance takes long to start after initial config

  Hello

  I'll put up 2 ACS (1113 HW, SW 4.1) devices. After the initial configuration (IP address, admin pass etc.) and reboot, the devices do not seem to start or close the login prompt (even after a start of the night).

  What could be the problem with the device or my patience?

  Hello

  If you get something like from console windows,

  Then, make sure that you use less than 15 characters without spaces unit name.

  Kind regards

  Prem

• Connection attempts to ACS appliance - where to find?

  Our security team has detected the failure of authentication for multiple users on our unit of ACS. Usually, I try to failed attempts handled by the AEC for other systems that use for authentication RADIUS or GANYMEDE. Where GBA 5.4 find logs for users trying to actually connect to the device?

  TIA,

  Lee

  Date of arrival:

  Monitoring and reports

  > Reports

  > Catalog

  > Body of CSA

  > ACS administrator connections

• ACS appliance fails to recognize an installed certificate

  When I install a certificate from CA - Windows Server, following the procedure of "Wired Dot1x version 1.05 Config guide" (Document ID 64068) and the 'Guide user to ACS,' I have the following problem. If I want to change the "overall authentication settings', I get the warning"could not initialize the PEAP or EAP - TLS authentication protocol because the certificate authority is not installed. Install the certification authority using the ACS Certification Authority Setup page".

  But if I check "install Certificate", it is said that the certificate is installed correctly and it is also added to the "Configuration page of the authority.

  I already found the following in the as 4.1.4 release notes: "turn off the Security agent, reinstall the certificate in accordance with the procedure and then re - activate the security officer.

  I did it but I still have the same error, even if the security officer is disabled (I checked it in the console with the command 'show' and the CSA is off).

  Can someone help me how to recognize the installed certificate?

  P.S. I also see 2 devices in the AAA-server list:

  -ACS01 (the name I gave him in the initial configuration). This one has an IP address of the DHCP server, even if I said NOT to use a DHCP server, but a static IP!

  -Self: this one has the static IP I configured via the console...

  I can't remove one of the AAA servers. Is it normal that there are 2 servers?

  Bert,

  It seems that the certification authority that you have installed is damaged or poorly installed. I want do you is remove the certicate CA by using the MMC on windows in ACS and then reinstall it.

  You, too, need to install the certificate authority root in ACS. You can install the certificate authority root in System Configuration-> ACS certificate of installation-> ACS certificate authority installation.

  Also incase you use Verisign cert, you install VeriSign intermediate CA certificates.

  https://www.VeriSign.com/support/VeriSign-intermediate-CA/index.html

  Kind regards

  ~ JG

• ACS Appliance backup

  I have a new ACS 5.6 machine I want to save periodically. I went to the Administration of the system--> backups scheduled and configured two backups

  one to a local repository and the other on a TFTP server on the network

  For the TFTP server protocol I specified the folder on the server uses to the TFTP root (/ ACS) and provided a password for encryption.

  It is, it doesn't seem to work, and I don't see that anything is reports indicating if the system has attempted to save, if there is a failure, or why. I do not see an error about incremental backup of the purges without being configured, but that seems to be something different

  is there anything else I need to do?

  Instead, I would try an FTP or SFTP server. TFTP does not play well with larger files. If you do not already have an FTP/SFTP server you can try one of the free ones out there just to test and confirm. FreeFTPD is a free and very easy to use:

  http://www.FreeSSHd.com/

  Thank you for evaluating useful messages!

• ACS Appliance Agent remote problem

  Hello

  We have depending you on the situation:

  -2 x ACS SE

  -2 x ACS Agents on member servers remotely

  -2 x ASA

  We would like to authenticate the VPN users connecting to the ASA via the ACS and active directory.

  I have configured the remote agent following this link:

  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/3.3/installation/guide/remote_agent/Rawi.html#wp289426

  But we are not able to pick up groups active directory to the AEC gui--> user external database > database group mappings > Active Directory > new Configuration.

  On the domain controller, we get the error ID 1030 and 1058, someone had these problems too?

  Thanks in advance and best regards

  Dominic

  Most likely, this is a Permission problem. What OS and SP you use.

  Have you tried to run the remote agent by using the LOCAL account instead of the service account that you created?

  Kind regards

  ~ JG

  Note the useful messages

• ACS appliance 4.2 - database replication internal problem

  HelloW

  I'm yunchoul jung in Korea

  now I'm setting up ACS unit 1113 ver4.2

  in internal, primary and secondary database replication server ACS cannot repliacate the database due to the configuration of SELF (127.0.0.1) by default in the configuration of the network.

  so I have a guestion, how do I replace 127.0.0.1 address to the ip address you want or delete SELF (127.0.0.1) address

  I don't understand a procedure of solution in the documentation below.

  Thank you for your help in advance

  Problem: 127.0.0.1 is a reserved address

  You have two units of the ACS SE 1113 and replicate the database internal from the primary to the secondary.

  but you notice this error message in the secondary unit:

  Replication of database of ACS denied - incompatibility of secret shared incoming

  When you try to change the key of course AAA under Network Configuration Server error message is

  returned.

  This is due to a known bug,

  Symptom: 127.0.0.1 address appears in ACS and the replication fails

  Conditions:

  Install Acs S/W version 4.2.0.124

  Disable the network adapter

  Enable network card

  * Go to the network settings page.

  * Should see the AA server IP to be a return loop

  Workaround solution:

  For windows: remove the 127.0.0.1 entry

  For the device: back up the database, install ACS on windows, restore, delete

  the entry, make a backup and restore on the device

  http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?caller=pluginredirector&method=fetchBugDetails&bugId=CSCso39795

  Kind regards

  ~ JG

  Note the useful messages

• ACS appliance multiple use of interface

  Is it possible for me to use both interfaces are available in the 1113 box? I want to connect these two interfaces to two separate network segments. I did find something specific in the Cosole except the fixed ip that would be only an interface unique config.

  Thank you

  You can use only one.

  Your system of 1113 Cisco integrated 10/100/1000 megabits - per second (Mbps) Ethernet connectors. ACS SE takes care of the operation of an Ethernet connector, but not the two connectors.

  For more check here

  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.1/installation/guide/solution_engine/ovrvuap.html#wp1054065

• Cisco Secure ACS appliance - impossible to edit... Reason: The host no longer exists.

  Hi team,

  I have 2 camera which I am not able to remove a group of network devices home device.

  When I try to remove the device after error is thrown

  Impossible to edit INMUM-VPE-T1-3rdFloor-3750-S...  Reason: The host no longer exists.

  Running on Version: Cisco Secure ACS4.2.0.124

  One would come in all of these issues. someone knows the solution.

  Concerning

  Vineeth

  Hi Vineeth

  Yes, you can do through GUI.

  The GUI:

  1 ACS gui > network configuration > click on 'Search', then click 'Search' again.

  2. complete list of all network devices. On top, you will see an option "Download".

  Download the complete file.

  Let me know if it helps.

  Thank you

  Nelson Saha

• Upgrade to Cisco acs 1120 to 4.2.1.15 help

  Hi all

  I downgrade of cisco device 1120 DCC acs 4.2.0.124 5.0, I need to upgrade to acs 4.2.1.15. Is device 1120 cisco acs supports 4.2.1.15, how do I upgrade 4.2.0.124 4.2.1.15.

  There are any server distribution for the upgrade. Please suggest on this, thank you

  Yes, you can upgrade it to 4.2.1.15 and you can download the version from the link below listed;

  http://Tools.Cisco.com/Squish/d4e4A

  Here are the files you need to download:

  ACSse-Upgrade-Pkg-acs-v4.2.1.15-K9.zip

  ACSse-Upgrade-Pkg-appl-mng-v4.2.1.15-K9.zip

  : Note apply the upgrade of management first and then software update. ..

  Distribution server is a machine where you can download the patch on the Cisco Secure ACS Appliance, so if you download the version on your laptop and download then only one distributor (nothing special)

  Upgrade an application of 4.2.1.15

  http://www.Cisco.com/en/us/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2.1/Installation_Guide/solution_engine/upgap.html#wp1148376

  I hope this helps.

  Rgds, jousset

  Note the useful posts ~

• ACS 3.2 on Win2k - upgrade from the replicated SACRED path

  Hi all

  I have 2 servers ACS 3.2 I want to upgrade to 4.2.1 the latest version before 5, as I understand.

  My question is about replication. Should I stop the replication of database and upgrade servers separately or not? Can I put the servers as replication of database is configured? If so, is there a specific order of upgrade?

  Thank you

  Jose

  Here the user guide.

  "All of the SACRED that is involved in replication must run the same version of the ACS software. For example, if the primary ACS is running ACS version 3.2, all secondary ACSS should run ACS version 3.2. Because patches can introduce significant changes to the internal database of GBA, we strongly recommend that ACSS involved in replication use the same patch level. »

  So, I suggest to turn off replication before upgrade. After all of the ACS are upgraded to the same version, you can enable replication again.

• 5.6 ACS authentication problem

  We are in the process of upgrading our ACS 4.1 for a 5.6 ACS appliance.

  The unit is installed on the network, etc. correctly licensed.

  I joined the ACS server to the AD domain without problem. I created a few local and external (AD) users for testing.

  I created a network (switch catalyst) as a Ganymede client device + and specified single-connect.

  When I SSH into the switch, I can connect using my AD user name and password, but I can't go into enable mode. It says "authentication failure".

  My aaa settings are

  radius-server host 172.25.50.8
  RADIUS-server timeout 3
  RADIUS-server application made
  radius-server key

  Miss me something somewhere, I don't know where. If I try and download the bundle to support ACS, it says download, but does not say where (or how).

  any advice would be great. I'm new to this product.

  See the document: http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-6/migration/guide/migration_guide/Migration_support.html#pgfId-1014889

• ACS issues update 4.2 to 4.2.1

  I have been instructed to upgrade our four ACS servers of

  4.2.1.15 to the latest version.  ACS servers are

  the applianced basis.  I went through the software download page

  from cisco.com and we found this file:

  cumulative (ACS SE 4.2.1.15.11 app/Acs_4.2.1.15.11.zip

  patch).

  Can anyone confirm if it is the download of the file more later/better

  the latest version 4.2 of material according to Cisco Secure ACS?

  For those who have upgraded to the latest version, you can

  Comment on your experience with the process of upgrading or

  ACS performance after upgrade?  Any questions/warnings on the

  process or performance after upgrade?

  Thanks in advance for any useful information that you can

  predict this?

  Adil

  I don't see installation step by step of the fix documented somewhere because the same by applying the upgrade and simple too. Here are the steps you need to perform.

  1. download the zip file patch for any PC which we will call the server upgrade or the distribution server.

  2 unzip the patch

  3. run autorun.bat (you will see a window ACS appliance update and it remains in the background.

  You will also see an another IE window lauch which you gives a place to put the host name or IP address of the device)

  4. Enter the name of host or IP address of the device and click on install.

  5. This will bring to the opening window of session for the ACS unit.

  6 log in to the TAS

  7. click on System Configuration

  8. click on upgrade the device status

  9. click on download

  10 enter the upgrade server IP address, then click on connect

  11. you will see the patch you are trying to install.  Click Download now

  12. click on download it again.

  13. click on apply the update

  14. click on the upgrade again.

  15. click on Yes

  16. click on Yes.

  17 click done.

  18. on the upgrade server, click 'stop the Distribution Server '.

  In order to stop csagent, go to system configuration > configuration of the device (I think)

  P.S. Please open a TAC case if you are not comfortable in the application of the hotfix.

  ~ BR
  Jatin kone

  * Does the rate of useful messages *.