Configuration/ACS database consolidation
Hello
I have two ACS servers.
One is the 2.4 version and the other is the 3.0.2 version.
My wish is to install a third ACS 4.0 server which will replace the other two.
I had planned the following steps:
1 - upgrade versions 2.4 (srv1) and 3.0.2 (srv2) for 3.0.4.
2 - export using tool CSUtil configuration of these two servers data;
3. manually consolidate all data;
4. install the new server with the version 3.0.4.
5 - import using CSUtil data consolidated on the new server.
6 - update the new server after version 4.0 recommended upgrade path.
All comments on these steps?
Y at - it no special mechanism/tool to consolidate the configuration from two separate servers for GBA?
Thanks in advance.
Kind regards
Ricardo
Ricardo,
We cannot export devices with csutil. What we can do is to search for devices on GUI and download a CSV of the search result.
DBSync does not database between ACS servers synchronize. DBSync uses a csv file to add devices/users in bulk. So if we create a CSV of users and devices we can import in ACS. More info about dbsync to: -.
http://www.Cisco.com/univercd/CC/TD/doc/product/access/acs_soft/csacs4nt/acs33/user/sad.htm#wp756877
Kind regards
Vivek
Tags: Cisco Security
Similar Questions
-
ACS database does not not after having changed the secondary ip of acs.
Hello.. Im having 2 ACS 3.1 server. ACS01 (primary) & ACS02 (secondary). We recently moved ACS02 to another site and has changed its ip address.
When we of database replication from ACS01, we received the error message saying ACS02 has refused the request of replication.
Any idea what can be the problem?
Consider these elements when you implement the database replication feature Cisco Secure:
(1) ACS supports only supported replication of database to other ACS servers. All ACS servers participating in the Cisco Secure database replication must run the same version and patch to FAC level.
(2) the principal server copy compressed and encrypted the database on the secondary server components. This transmission is done via a connection TCP, Port 2000. The TCP session is authenticated and using an encrypted protocol, Cisco-owners.
(3) only hosts properly configured, valid ACS can be secondary servers. To add a secondary server, configure it in the AAA servers table in the section of this document Network Configuration. When a server is added to the AAA servers table, the server is displayed for selection as a secondary server in the list of AAA servers as replication partners, on the Cisco Secure database replication page.
(4) the principal server must be configured as an AAA server and must have a key. The secondary server must have a primary server configured as an AAA server and its key for the primary server must match the key primary servers.
(5) secondary servers replication takes place sequentially in the order listed in the replication list under replication partners, on the Cisco Secure database replication page. (6) the secondary server that receives the replicated components must be configured to accept replication of database from the primary server. To configure a secondary server for database replication, refer to configuring a secondary Cisco Secure ACS Server of this document section.
(7) ACS does not support two-way replication of database. The secondary server, which receives the replicated components, check that the primary server is not on its list of replication. If this is not the case, the secondary server accepts replicated components. If so, it rejects the components.
(8) to replicate the seller of RADIUS defined by the user and the configurations of the specific attribute (VSA) provider successfully, definitions have to be replicated must be identical on the primary and secondary servers. This includes seller RADIUS slots occupy sellers RADIUS defined by the user. For more information on the sellers of the RADIUS and the VSA attributes defined by the user, see section User-Defined RADIUS vendors and VSA sets the document Cisco Secure ACS database command-line Utility.
-
The configuration registry database is damaged
When I try and install .NET framework 3.5 it fails installation and said this
the configuration registry database is damaged
Hello
Thank you for giving us the opportunity to help you.
I would be grateful if you could answer a few questions to refine the question in order to provide you with better assistance.
- The place where you want to download .NET Framework 3.5?
- You are able to install Windows updates?
According to the description of the problem you are facing problem in installation of .NET Framework 3.5 on your computer. This error: "the Configuration registry database is corrupted" is caused by the operating system files are damaged or because of the structure of the broken system registry.
I suggest you to check the system files are they work very well or not and to check who are trying to run the (SFC) System File Checker tool.
Scan SFC will be scans all protected system files and replaces incorrect versions with appropriate Microsoft versions.
How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows 8.
Press Windows key and X at the same time.
Choose line (Admin) command on the shortcut menu.
At the command prompt, type sfc/scannow and press ENTER.
Exit the command prompt.
For more information, refer to this link:
Use the System File Checker tool to repair missing or corrupted system files
http://support.Microsoft.com/kb/929833/en-us
I suggest you to try the suggestion provided in the article mentioned below and see if it helps you to solve the problem.
Setup of .NET framework 3.5 error: 0x800F0906, 0x800F081F, 0x800F0907
If the problem persists, try to install .NET Framework 3.5 on Windows 8, Windows 8.1 and Windows 10 from the link below.
Installation of .NET Framework 3.5 on Windows 8, Windows 8.1 and Windows 10
Hope it would help. If the problem persists post returns with the required information, the current state of your computer and the result of the proposed suggestion, we will be happy to help you.
Kind regards
-
Configuration of database event view 4.5
I have some difficulties to the addition of the database of the event view 4.5. It's a SQL Express 2005 on the vCenter server. It is configured to listen on port 1433 static. I use SQL authentication and a SQL account. I've attached screenshots with the settings. I keep getting 'an error occurred' trying to configure the database that someone here knows what I'm doing wrong? I think maybe the name of the database must be in a different format, but I have tried different things without success.
TIA,
-Poort.
The OP said he found mistakes in a newspaper on the login server who helped solve the problem. Can you watch on your login server in C:\programdata\VMware\VDM\logs and see if any of the newspaper and gives no indication of more on what he doesn't like on the configuration?
-
How 2 Configure ACS 4.2 to delegate authentication to the radius server
Hello
We need run the following scenario:
Cisco VPN client (or any connect, Cisco SSL VPN client)---> Cisco ASA 5520---> Cisco ACS 4.2---> CAT Authentication Server
The CAT authentication server is a Radius server. It can receive Radius authentication requests and respond. It is used for strong authentication TFA WBS similar to RSA OTP tokens.
The question is: how we set up the 4.2 ACS to delegate authentication request to another Radius server.
Thnx
Add the RSA server as an external database, configure the drop user profile or a group to authenticate on the new external database rather than ACS DB Local (or Windows DB).
Easy as pie!
Please rate if this is useful.
-
PEAP configuration ACS 5 vs 4 ACS
I am Pentecost PEAP ACS 5 and Active Directory 2003, configuration in version 4 of ACS, the ACS must belong to the domain of Winbdows and then had to perform the following steps:
1 generate the certificate (using as base model named web server)
2. for authentication PEAP clients, ACS must obtain a CA certificate. The requested certificate is one that was created using the Web server template.
3. then, you must install the certificate for the ACS software. Download a certificate from base 64.
4. then in the system configuration / install the ACS certificate / installed the certificate of the local storage of AEC.
5 then ACS Certification Isle of installation, the *. ERC is installed
6 and the ACS is ready.Now in version 5 of ACS... In the stores of users & identity > external database > Active Directory, I especified the the domain name, the user and the password, if the connection is successful, the ACS will be "Member Server" in the windows domain. My question is: I have to install the certificate file extension *.cer (step 5) in version 5 of ACS?
Thanks and greetings
If I understand the question, yes you import the certificate. It is not downloaded because ACS has joined the domain. The general concept is the same as GBA 4.
Nicolas
-
Configuration of database running on the server with 256 cpu
Hi all
We have a rac 11.2.0.2 on Solaris 10 installation.
The servers are 2 and a short configuration is:
SQL > show parameter cpu_count
VALUE OF TYPE NAME
------------------------------------ ----------- ------------------------------
cpu_count integer 256
psrinfo | WC-l
* 256 *.
prtconf | grep 'memory '.
Memory size: * 130784 MB *.
psrinfo - pv
The physical processor has 64 virtual processors (0-63)
UltraSPARC-T2 + (chipid 0, clock MHz 1414)
The physical processor has 64 virtual processors (64-127)
UltraSPARC-T2 + (chipid 1, clock MHz 1414)
The physical processor has 64 virtual processors (128-191)
UltraSPARC-T2 + (chipid 2, clock MHz 1414)
The physical processor has 64 virtual processors (192-255)
UltraSPARC-T2 + (chipid 3, clock MHz 1414)
There are a lot of settings Oracle automatically design based on the number of CPUs.
In my case, this number is too high.
For example, normally db_cache_size = 4 MB * cpu, in this case the result is 1 G of db_cache_size.
The plan is to create several databases on this car, so the question is:
Is there a way to design or to tell oracle a different number of cpu?
and in general...
You have some tips on how it is possible to configure a machine so powerful that runs a large number of instances?
Thanks in advance
Published by: Spugna on May 7, 2012 03:01Hi Spugna,
Of course, as long as you use Oracle 11 g you can use Instance Caging to limit each database, the CPU usage. Although it is no longer applicable to the single server database or a CCR node I see no reason why not to use with RAC. Look here for more information:
http://docs.Oracle.com/CD/E14072_01/server.112/e10595/dbrm007.htmYou could also consider the consolidation of these different in a large database of databases if it is possible and there is no dependence application?
Kind regards
EVS -
Windows 3.0 for device 3.3.2.2 ACS database
I have 3.0 for windows GBA and bought 2 ACS devices to replace ACS Windows. Is it possible to load the windows config ACS 3.0 for ACS 3.3.2.2 device
Yes. The backup of the ACS 3.0 configuration, copy the file to an FTP server restore it on the device.
If the restore fails, you may need upgrading to ACS 3.3 can back up and restore.
-
Adding to the ACS database replication
I want to install a backup ACS4.1, the principal server has no replication of database configured on it.
I would like to add this feature, because I have to make the primary and to replicate its database to the new backup box I put in place, to which I was able to add the feature during installation.
So I guess my question is: how to add the functionality of replication of database on Cisco ASC4.1 - post install?
Help, please
Happy to help.
Please mark the thread solved, so that others can enjoy
Kind regards
Prem
-
Dear Sir
I plan to connect my ACS server to external database (oracle 10g) for making this deal would please let me know how I would be able to connect ACS to oracle. It is significant that I read a document from Cisco on this case, but there are still some problems. I would be happy if you let me know your comments.
Kind regards
Hamza younes
To connect ACS Oracle database server click external user database > database Config > external ODBC database and mention the server running Oracle. The following link can help you
http://www.Cisco.com/en/us/products/ps8543/prod_troubleshooting_guide_chapter09186a00808e7d1d.html
-
How to configure ACS 5.2 to manage the Junos 10.4R6.5 fwl via GANYMEDE.
Hi all
I have a camera ACS 5.2 newly installed, integrated with our announcement and his work with cisco product, routers switches and etc. Now I would like to include Juniper firewalls so to be authenticated via ACS 5.2 either via ssh and web access. Can someone share me how to initiate this, creating policies.
FYI: I have 14:00 groups regionaladm and regionalops, read/write and read-access, respectively.
Kind regards
Marlon
Marlon,
I stuck in a config below file I made for our ScreenOS Firewall work with Cisco ACS v5.2. This configuration may not work because yours is Junos, but it could bring closer you reach to understand. Also, if you have not been on the Juniper J-Net ask autour, give it a shot. (forums.juniper.net)
Good luck!
-Chris
Title: Example configuration - GSU of Juniper and Cisco ACS v5.x
Product: SSG320M juniper (Cisco ACS v5.x)
Version: 6.3.0r10.0 ScreenOS (Cisco ACS v5.2.0.26.8)
Network topology:
[Juniper SSG320M]-[Cisco 3560 Switch]-[Cisco ACS VM]
Description:
Goal - authenticate GSU administrators using GANYMEDE + instead of local connections
Description - This configuration for Cisco ACS v5.x, JTACS had only configuration v3.3.
ACS v5.x is a VM based on Linux with a completely new user interface and structure.
Configuration:
Configure the Juniper (CLI)
1. Add configuration Cisco ACS and GANYMEDE +.
Set id CiscoACSv5 of auth-server 1
set the auth-CiscoACSv5 server ServerName 192.168.1.100
set server CiscoACSv5-type of admin account
set the server CiscoACSv5 auth type Ganymede
Define auth-server CiscoACSv5 Ganymede secret CiscoACSv5
define CiscoACSv5 Ganymede 49 auth-server port
Set the server auth admin CiscoACSv5
Set admin auth distance primary
Remote admin auth root set
define outer-get administrator privilegesConfigure the Cisco ACS (GUI) v5.x
1. navigate to elements of strategy > authorization and permissions > peripheral Administration > Shell profiles
Create the profile of Shell of Juniper.
Click the button [create] at the bottom of the page
Select the general tab
Name: Juniper
Description: Custom for Juniper SSG320M attributes
Select the custom attributesAdd the vsys attribute:
Attribute: vsys
Requirement: required
Value: root
Click on the [Add ^] button above the field for the attributeAdd the attribute of privilege :
Attribute: privilege
Requirement: required
Value: rootNote : you can also use "read-write", but then the local admin does not work correctly
Click on the [Add ^] button above the field for the attribute
Click the button [send] at the bottom of the page2. navigate to access policies > Access Services > default device Admin > authorization
Create the authorization policy of Juniper and filter by IP address.
Click [customize] at the bottom right of the page
In terms of customize, select IP address in the left window
Click the [>] button to add
Click the [OK] button to close the windowClick the button [create] at the bottom of the page to create a new rule
In general, the name of the new rule Juniper and make sure that this option is enabled
In Conditions, check the box next to IP address
Enter the ip address of the Juniper (192.168.1.100)
Under results, click the [Select] button next to the Shell profile field
Select "Juniper" and click the [OK] button
Under results, click the [Select] button under the command field sets (if used)
Select "allow all the" and make sure all other boxes are not CHECKED
Click the [OK] button to close the window
Click the [OK] button at the bottom of the page to close the window
Check the box next to the policy of Juniper , and then move the policy to the top of the list
Click on the [Save] button at the bottom of the pageAudit:
Connect to the CLI of Juniper and GUI using an ACS internal user account and try to change something to check the level of privilege.
-
HPCM - configure the database failed
Hello
Recently, I installed HPCM 11.1.2.2 on top of my existing installation, setting up database Coordinator, I get error below.
[EPMCFG] [ERROR] [EPMCFG-01020] [oracle. EPMCFG] [tid: 21] [SRC_CLASS: com.hyperion.config.wizard.impl.RunAllTasks] error: []
com.hyperion.cis.config.ProcessingException
at com.hyperion.oslo.OsloDBConfigurator.configure(OsloDBConfigurator.java:164)
at com.hyperion.config.wizard.impl.RunAllTasks.executeDbConfigTask(RunAllTasks.java:929)
at com.hyperion.config.wizard.impl.RunAllTasks.execute(RunAllTasks.java:482)
at com.hyperion.config.wizard.impl.RunnAllTasksState.run(RunnAllTasksState.java:91)
at java.lang.Thread.run(Thread.java:662)
Someone met the above error?
Please suggest.
Thank you
CP
Hello
Check the privileges on your schema HPCM. (Grant connect, create, create view, resources at HPCM_SCHEMA). Make sure that you have granted all the roles according to Oracle pre - req.
Not be able to achieve something else of this journal entry.
In the case where it is a SQL Server, ensure that the snapshot
Added PS to the details of creation of SQL Server database.
Thank you
Anjum
-
configuration of database vault realm
version: 11.2.0.2.0
Operating system: Solaris
Hello, can someone please tell me a good documentation that contains the configuration of the areas through command lines. The oracle documentation provides only the domain through Grid Control configuration. I want to create realms through the line of commnad or the use of pl/sql packages provided by the vault of the database.
Thank you
See also the help of the Package DBMS_MACADM
-
Failed to retrieve the configuration of database file when installing EBS on 2 nodes
I try to install EBS 12.1.1 on two different nodes on Redhat Linux 5. After properly installing the database on node1 (ebsdb), I started rapidwiz on node2 (ebsapps) to install the application technology. When I get to the screen where it asks "Do you want to create a new configuration or load a saved?", I chose to load a saved configuration, typied in the database connection information (ebsdb.sparkdb.com:PROD:1521) and get the following error. Anyone know what I am doing wrong? I am able to ssh to ebsdb to ebsapps and vice versa, and the database and listener is in place.
Failed to retrieve the database configuration file.user564785 wrote:
What file must be copied from DB node to the node of Apps and what place?conf_
.txt - http://docs.oracle.com/cd/E18727_01/doc.121/e12842/T422699g54568.htm You can copy the file to any place on the application-level nodes.
Thank you
Hussein -
P6 Configuration of database API
Hi all
I try to install the Java API of P6 (local mode only), and I have problems with the database Configuration step. Anyone seen this before?
The P6 database is on a Microsoft SQL Server 10.0.2573
I get all the details ID password etc, and then when I hit the next button, it just hangs and the only way to shut down is to close the associated console window.
I use pubuser but have also tried it with a server admin user.
I ran a trace on the SQL Server and it seems to connect to SQL Server fine, but then does nothing else.
It also shows the disconnection when close the console window.
If it helps at all, when I run the 'general' demo, I get
ERROR - Configuration was not found in the database
ERROR - Configuration was not found in the database
which I guess because the db configuration has not been yet defined upward.
New development API P6 so I'd appreciate any help, even if it's just point me in another direction.
CameronI came across a metalink note that talks about compatibility issue with Oracle Sun JRE 6 Update 29. If you have this jre, you can try to uninstall and use the compatible version of the configuration tested to P6v7 document.
Maybe you are looking for
-
Series A300D comes with 3-* dishes *-pin adapter
I would like to know if the A300D series come with 3-* dishes *-pin adapter, thank you.
-
Qosmio G40-108 - when and where it will be on sale in the United Kingdom?
I really want to buy the Qosmio G40-108, but I can't find anywhere to sell and have in stock.Nobody knows where and when they will be available for purchase?
-
Upgrading HP a6123w for expansion of World of Warcraft
Hello all- I currently run a HPa a6123w http://support.HP.com/us-en/document/c01070884 The upgrade only that I did is to put a pretty weak NVidia 8400gs graphic card in it... I just went to Best Buy and bought one in the range of $ 50 million. I am a
-
I would like to start my experience by customizing the outside of my laptop - it's black base mat I saw a few skins which cover the entire surface, but I would really leave the visible logo. I've also seen designs for other computers that really high
-
Why is a replacement wireless card does not let me start my computer?
My HP Pavillion G6 says that it has detected a wireless module that is not supported. Is it possible to install a wireless module to a non supported wireless hardware?