Application of redundant ACS.
Hi all! I want to use 2 x ACS for authentication services. My question is, you can configure the ACS to a change of configuration made an ACS is replicated on the other (similar to the CallManager Publisher concept and the customer). I want the ACS 2 x are identical (with the exception of the IP address, etc.) and for ease of management, I want any changes to be made automatically to other GBA. Is it possible!
Yes, it is possible.
Under the System Configuration
CiscoSecure Database Replication
Under the Network Configuration, you must add the other server under AAA servers.
Tags: Cisco Security
Similar Questions
-
secondary ACS 5.1 fails to cancel the registration, after IP change on primary
IP address of primary education had to be modified, in response to a hardware failure of the RADIUS server with the intellectual property in several configs device.
Now school is unresponsive to repeated requests "Cancel registration of the primary", even after reloading.
apparently because he can't reach the primary to the old IP address.
Asking to cancel the registration in the GUI generates pop-up that says: "this operation will remove this Instance ACS of the primary Instance.
On this instance of the CSA management applications will be restarted and you will need to identify yourself again. After you perform this operation
Please wait five minutes for this restart complete.
Do you want to continue? » [OK]
But checking back after 10 minutes - or even the next day - find status of secondary education unchanged.
Also tried in Local Mode, cancel the registration of the primary; This operation also fails.
Does anyone have the URL HOWTO on a total reconstruction of the application of GBA?
The two ACS are PCA-1121-K9 5.1.0.44.4 running.
Thanks in advance for any help...
UPDATE: *.
Command, has recommended "application reset-config acs", has been _exactly_ what was needed.
jrabinow - thanks a lot! :-)
also, thanks for mentioning that the licence would be required, so that I could locate in advance and have it ready.
Since there is no local CERT on the server, we should not re - install those.
Since it is a secondary antibody that it should not have too much in terms of specific configuration
Therefore, one possibility is to reset the configuration, so once more, it becomes just a stand-alone node and then that to the deployment as it is for any new node and as you saved it until
Reset configuration can be done using the following command in the CLI:
rebate to zero-config CSA
Note that after resetting the configuration you will need to reinstall the license so make sure that you have it handy
So if you installed a certificate server to the secondary server, you have that too
-
reinstallation of the server Cisco ACS CSACS-1121
How can I reinstall the ACS server? This is the new installation, after installation is complete it may not work properly
ACS / admin # acs reset-config
Stub library could not be opened
libCARSAcsCtrlCli.so: cannot open shared object file: no such file or directory *.
ACS / admin # display the version of the acs application
% Error finding application version information: acs
ACS / admin # display application
blank screen
How can I reinstall it?
Hello
If you have the ACS 1121 device, you'll need the DVD to reinstall the recovery software is available from the Cisco page:
Download software > Products > Security > identity management > Cisco Secure Access Control System > Cisco Secure Access Control System 5.3
It is the name of the file:
ACS_v5.3.0.40.ISO
Here are the instructions for resettlement or reimage:
The 'acs reset-config' command removes only the configuration of the ACS GUI, but it is not re - install the software.
Rate if this can help!
-
ACS 5.3 - change device group or location error
I am trying to move a device from the default location to a subgroup and get the following message when I try (be it with IE or Firefox)
This failure has occurred: Index: 0, size: 0. your changes have not been saved. Click OK to return to the list page.
It also gives me the same error if I try to change the default device for a subgroup. I don't know that I could do before. The construction of the ACS is (installing VMWARE):
Deploying applications engine Cisco OS version: 1.2
ADE-OS Build Version: 1.2.0.228
ADE-OS System Architecture: i386Copyright (c) 2005-2009 by Cisco Systems, Inc.
All rights reserved.
HostName: ACS1Version information for the installed applications
---------------------------------------------Cisco ACS VERSION INFORMATION
-----------------------------
Version: 5.3.0.40
The identifier for the internal version: B.839I'm he suspect a problem reading/writing with the database or a corruption of the database. Can someone enlighten me on how to fix it please?
I stopped and started the acs application via the console application status and see the acs has this to say about himself.
ACS1 / admin # display the status of the acs application
Role of the ACS: PRIMARY
Process of database ' ' running
'Management' running process
'Runtime' running process
"View-database" running process
"View-jobmanager' running process
"View-alertmanager' running process
"Notice-collector' running process
"View-logprocessor' running processMel
Does this happen to small number of network devices or the entire
If the former, then I found the following CDETS
CSCtw59271 Corruption of device random network after upgrade of ACS 5.2 to 5.3
Which includes the following workaround solution
Symptom 1: Remove and re-add the AAA client
Symptom 2: changing the secret shared GANYMEDE + of the network device, enter the same key again and save the network device.
> Use when GANYMEDE + has been used
There are a few important fixes related to the upgrade of issues in patch 5 and later versions for ACS 5.3. While they didn't wear on NDs, I recommend not to install this patch
-
Hi all
We have just upgarded our ACS environment to the latest patch
(5.3.0.40.8) between-5 and -8, it has not installed a patch as you can see below.
--> question: do we need (or recommended) to install all the patches, including the 6 and 7, or the will one covers all the patches?
See the version of the acs application
Cisco ACS VERSION INFORMATION
-----------------------------
Version: 5.3.0.40.8
The identifier for the internal version: B.839
Patches:
5-3-0-40-1
5-3-0-40-2
5-3-0-40-3
5-3-0-40-5
5-3-0-40-8
Thank you
Stefan
Hello Stefan,
These hotfixes are cumulative. Each path includes all the fixes that were included in previous patches for the version.
This information comes from the release notes:
This is a patch for the ACS 5.3.0.40 version. ACS 5.3.0.40 must be installed before you install this hotfix. So the answer is that you need not install the patches of 6/7.
Please evaluate the useful messages
Best regards
Eugene
-
Automatically restart vi Express following error
Another newbie question, I'm afraid...
I am writing an application that will spool the data in a spreadsheet for a period of time which may turn out to be several weeks or months. I have stated the application of redundant data to ensure that I could survive a power failure in the quite inevitable cases where it occurs in that time.
Which is all went well, now that I have worked at several problems with the formatting of data, so I put the program in place through a trial period last week and (Fortunately, I suppose) the power exploded. Since the vi runs on a laptop, the battery kept things up that power relit, and the vi never stop. However, because the hardware logged a loss of power (unlike my example below, the material uses a cDaq chassis), the program threw a pattern of error and things unmanaged stopped, waiting for user input before allowing data collection to restart.
I'm looking for a way to handle errors, then, such that they will not stop the program from running. Instead, I just want to go to a routine that waits for a bit and then resets the Express vi, management errors that are likely to be out error even once if the power of the material is always off. I use a method that would make a controls programmer scream machine, but for the most part I just watched part of the status of the error on the cluster, commissioning an indicator if a fault is detected and also some time of start of loop that contains nothing other than a timer. It seems to work for most; It allows, at least, the vi to continue to operate without crashing when I pull the plug on my USB-6008, which runs behind the Express DAQ.
When I plug the device back in, however, the State of the loop resets (if I have the probe in the schema it reads, 'FALSE') but does not restart the acquisition of data Express and the ERROR indicator does not clear.
I'm guessing that there is a very simple way to update the status in a way that the elements of program downstream can see, but do not know. Any ideas?
Thank you
Danielle
In the user dialog functions, there is a function of manifest error that you could put in the delay loop... You can add a constant error to create in the error in the DAQ thing... maybe that would...
If you want to get real cute... can take the case of the error and decluster the error to another business that manages the specific error number... Use the handeling General error function and set it to clear the error when it matches the number you get when the system breaks down... Or just delete all of them and see what happens.
Sorry... I have no data acquisition on the machine, here, try it.
Hope that helps.
Hummer1
-
I'm trying to upgrade my ACS 1120 5.0.21 to 5.1, but if I understand well I pay first patch 5-0-0-21 - 9.tar.gpg. I use the web interface with the CSA and I'm browseing recover from the Client to the file 5-0-0-21 - 9.tar.gpg to choose and then apply the upgrade. When im able Séverine to back in what I see in the management of distributed system is updated in progress. How will I know that it works? Ho metric should I wait before restarting the box or simply cancel the update? I am doing this correctly?
I followed the procedure described in the following link for the upgrade from 5.0 to 5.1 without any problem.
I suggest you use the command-line instead of GUI.
If you can connect to the device via ssh, you can use 'show worm' to see if the hotfix has been installed properly.
acs5fcs / admin # sh ver
Cisco Application Deployment Engine OS version: 1.1 Build Version: 1.1.0.416 Copyright (c) 2005-2008 by Cisco Systems, Inc.
All rights reserved.
HostName: acs5fcsVersion information for the installed applications
---------------------------------------------Cisco ACS VERSION INFORMATION
-----------------------------
Version: 5.0.0.21
The identifier for the internal version: B.2757
Patches:
5.0.0.21.9
Patch installedacs5fcs / admin #.
-
Hi all
I know that GBA replicates the entire base of primary secondary and not vice versa... My scenario is:
ACS main breaks down, and the secondary takes over... now, all adding user etc, is done on the ACS secondary... now, when the primary comes back once again, will it overwrite the secondary database and should we recreate the configs? or what secondary GBA replicates its data to the primary? its a little confusing!
I have I'll do the ACS replication in a few days and wanted to be really sure of that.
REDA
Hello
If you configure a redundant ACS server as secondary.
All the primary databases will be replicated to secondary education.
As you said what if secondary caught takes over and Setup takes place on the secondary.
He will be on the primary. depends on how you configure.
check that there is the possibility to send and receive.
This link will be helpful for you.
http://www.Cisco.com/en/us/products/sw/secursw/ps2086/prod_configuration_examples_list.html
-
ACS5.3: stopped working https access
For some reason I can't get more access to the web interface of our ACS 5.3 apparatus.
Where I used to get a certificate warning first, and after that the ACS5 login screen, I now get totally unanswered more in my IE browser.
However, I can telnet to port 443 of the unit. And I (luckily) always ssh access the unit. So I did a reload (sorry, microsoft patterns), but that will not solve anything.
HTTPS access to other systems of the same browser works very well
=================================
Admin # sh ver
Deploying applications engine Cisco OS version: 1.2
ADE-OS Build Version: 1.2.0.228
ADE-OS System Architecture: i386Copyright (c) 2005-2009 by Cisco Systems, Inc.
All rights reserved.
HostName:Version information for the installed applications
---------------------------------------------Cisco ACS VERSION INFORMATION
-----------------------------
Version: 5.3.0.40.8
The identifier for the internal version: B.839
Patches:
5-3-0-40-5
5-3-0-40-8=================================
What version of IE are you using? A newer version of Internet Explorer, you cannot open secured pages that have less force encryption.
Have you tried another browser? In case it works well with firefox or google chrome follow it please the below listed as follows:
There could be a possibility that you have downloaded and applied some update Windows on your machine and that could have changed the level of encryption of minRSAPubKeyBitLength REG_DWORD 512 to higher values.
The command listed below will set the registry to 512
Go to the PC from which you access ACS > start > run > cmd > run the below listed order
C:\Users\Employees>certutil - setreg chain\minRSAPubKeyBitLength 512
Once you have finished, try again and let us know.
Jatin kone
Kind regards-Does the rate of useful messages-
-
Can I use Hype-V in a Cluster to ensure our application redundancy?
Our application is software that contains several objects DCOM, web service and database. We develop a solution of redundancy of the complete system to provide the functionality of failover.
Now, it looks like the use of Hyper-V in a Cluster is a more simple and better than our own solution. The application can be installed in the Hyper-V and failover can be provided by the cluster.
Is there a limitation on this?
Using windows api cluster, detectable application a failover operation when installed in a virtual machine of Hype-V that is taken in a cluster?
Hello
This forum is only for consumer Windows support. You should repost on this forum on the Microsoft Technet Web site: http://social.technet.microsoft.com/Forums/en-US/categories
-
Is it possible to run a second ACS as a redundancy? I found nothing about this in the documentation.
You might want to take a look at the replication options
The system configuration--> CiscoSecure Database Replication
This will allow the redundant server to keep in step with the master server.
It is also useful to examine the second server is not to simply provide redundancy but also a share of the burden.
Half peripheral pointing to Server A, defaulting back to Server B
Other THT half pointing devices on server B, fault back to a server
-
ACS 5.6.0.22.2 upgrade. CAN´t add an application to the dashboard
Hello
I ve ACS updated Version 5.6.0.22.2. Now i´cant add an application like ONLINE AUTHENTICATION to the dashboard. I always get an error message.
'Setup the page is temporarily unavailable.
The same phenomenon occurs after the installation of a new comprehensive EC in VMWARE. Tried with FIREFOX, IE and GOOGLE CROME
Best regards Horst
Add a dashboard application view ACS 5.x error -
How does ACS check redundancy?
Hello
In a router, if you configure the RADIUS server, Ganymede-1 host Ganymede-2, this is how you configure the redundancy of the ACS. My question is, how does the router check the pulse of each RADIUS server? By ping or another keepalive mechanism? What this command do really behind the scene?
What is happening in our environment, is that Ganymede-1 in Windows services keep stops by itself. We cannot authenticate and Ganymede service does not switch to Ganymede-2.
Hi Ganesh.H,
Thanks for the reply. Looking at the command documentation, it states:
"If the command is not configured, the timeout interval is 5 seconds."
So it is default configured regardless I enter this command or not. However, this command does not work as TACACS service does not fail over. Any other idea?
Kevin,
This command is not by default configured in cisco swithces the default setting is 5 seconds if you configure timeout Server tacas only without sepcifying the time in sec.
HTH
Ganesh.H
-
ACS 5.2 package upgrade to application
Hi all
does anyone know what is the "ACS 5.2 upgraded application package"?
I saw this package on the download software area but could not find any document on this.
Kind regards
Thibault.
It's to upgrade ACS 5.1 5.2 ACS without re-imaging.
-
Redundant applications 32 bits installed by CC
Like most professionals, I use a 64-bit operating system. However, without creative cloud downloaded and installed both 32-bit and 64-bit of InDesign, Photoshop and Illustrator on my hard drive, lose tons of space. But the list of installed programs from the Windows does not display both versions. So, how can I uninstall the 32-bit application that is redundant (but leave the 64-bit version)?
You can not. It works as expected.
Mylenium
Maybe you are looking for
-
where brower options, I want to choose Tools
Please help me. I need to select the tool in the browser options, but because it has no buttons and or sign if anything in the browser how do thank you very much
-
Whenever I close Firefox, my app tabs disappeared on restart. I use Firefox 10 and the problem still persists. Is anyway to fix this?
-
Satellite L450D - 13G - problem starting Windows 8 to 8.1
Model: Satellite L450D - 13G I just ugraded to 8.1 Windows of Windows 8 and now at the start of desktop support and refreshing continues, so I can't do anything. As far as I can see, is that the file system keeps from (explorer.exe). Someone at - he
-
Games led by 7 Microsoft running very slow and draggy
I still have a problem to play all the games on my new computer, which is managed by Windows 7. The game runs very slow and response of the mouse and other controls are slow and draggy. Please notify.
-
IM new to computers and when I try to email it gives the message: 'the host 'smtp' could not be found. Please check that you have entered the server name correctly.' Object ' Emailing: skittles & j 016', account: 'pop3', server: 'smtp', Protocol: SMT