Configuration/ACS database consolidation

Hello

I have two ACS servers.

One is the 2.4 version and the other is the 3.0.2 version.

My wish is to install a third ACS 4.0 server which will replace the other two.

I had planned the following steps:

1. Upgrade versions 2.4 (srv1) and 3.0.2 (srv2) to 3.0.4.

2. Export the configuration data of these two servers using the CSUtil tool.

3. Manually consolidate all data.

4. Install the new server with version 3.0.4.

5. Import the consolidated data on the new server using CSUtil.

6. Upgrade the new server to version 4.0 following the recommended upgrade path.

Any comments on these steps?

Is there no special mechanism/tool to consolidate the configuration from two separate ACS servers?

Thanks in advance.

Kind regards

Ricardo

Ricardo,

We cannot export devices with CSUtil. What we can do is search for devices in the GUI and download a CSV of the search result.

DBSync does not synchronize the database between ACS servers. DBSync uses a CSV file to add devices/users in bulk. So if we create a CSV of users and devices, we can import it into ACS. More info about DBSync:

http://www.Cisco.com/univercd/CC/TD/doc/product/access/acs_soft/csacs4nt/acs33/user/sad.htm#wp756877

Kind regards

Vivek

Tags: Cisco Security

Similar Questions

  • ACS database does not replicate after having changed the IP of the secondary ACS.

    Hello. I have 2 ACS 3.1 servers: ACS01 (primary) and ACS02 (secondary). We recently moved ACS02 to another site and have changed its IP address.

    When we run database replication from ACS01, we receive the error message saying ACS02 has refused the replication request.

    Any idea what the problem can be?

    Consider these points when you implement the Cisco Secure database replication feature:

    (1) ACS only supports database replication to other ACS servers. All ACS servers participating in Cisco Secure database replication must run the same version and patch level of ACS.

    (2) The primary server transmits a compressed, encrypted copy of its database components to the secondary server. This transmission is done over a TCP connection, port 2000. The TCP session is authenticated and uses an encrypted, Cisco-proprietary protocol.

    (3) Only properly configured, valid ACS hosts can be secondary servers. To add a secondary server, configure it in the AAA Servers table in the Network Configuration section of this document. When a server is added to the AAA Servers table, the server is displayed for selection as a secondary server in the AAA Servers list under Replication Partners, on the Cisco Secure Database Replication page.

    (4) The primary server must be configured as an AAA server and must have a key. The secondary server must have the primary server configured as an AAA server, and its key for the primary server must match the primary server's key.

    (5) Replication to secondary servers takes place sequentially in the order listed in the Replication list under Replication Partners, on the Cisco Secure Database Replication page.

    (6) The secondary server that receives the replicated components must be configured to accept database replication from the primary server. To configure a secondary server for database replication, refer to the Configuring a Secondary Cisco Secure ACS Server section of this document.

    (7) ACS does not support two-way database replication. The secondary server, which receives the replicated components, checks that the primary server is not on its Replication list. If it is not, the secondary server accepts the replicated components. If it is, it rejects the components.

    (8) To replicate user-defined RADIUS vendor and vendor-specific attribute (VSA) configurations successfully, the definitions to be replicated must be identical on the primary and secondary servers. This includes the RADIUS vendor slots that the user-defined RADIUS vendors occupy. For more information on user-defined RADIUS vendors and VSAs, see the User-Defined RADIUS Vendors and VSA Sets section of the Cisco Secure ACS Command-Line Database Utility document.

  • The configuration registry database is damaged

    When I try to install .NET Framework 3.5, the installation fails and says this:

    the configuration registry database is damaged

    Hello

    Thank you for giving us the opportunity to help you.

    I would be grateful if you could answer a few questions to narrow down the issue so that we can provide you with better assistance.

    1. Where are you trying to download .NET Framework 3.5 from?
    2. Are you able to install Windows updates?

    According to the description of the problem, you are facing a problem installing .NET Framework 3.5 on your computer. This error, "the Configuration registry database is corrupted", is caused by damaged operating system files or by a broken system registry structure.

    I suggest you check whether the system files are working properly by running the System File Checker (SFC) tool.

    The SFC scan checks all protected system files and replaces incorrect versions with the appropriate Microsoft versions.

    How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows 8:

    1. Press the Windows key and X at the same time.

    2. Choose Command Prompt (Admin) on the shortcut menu.

    3. At the command prompt, type sfc /scannow and press ENTER.

    4. Exit the command prompt.

    For more information, refer to this link:

    Use the System File Checker tool to repair missing or corrupted system files

    http://support.Microsoft.com/kb/929833/en-us

    I suggest you try the suggestion provided in the article mentioned below and see if it helps you solve the problem.

    Setup of .NET framework 3.5 error: 0x800F0906, 0x800F081F, 0x800F0907

    If the problem persists, try to install .NET Framework 3.5 on Windows 8, Windows 8.1 and Windows 10 from the link below.

    Installation of .NET Framework 3.5 on Windows 8, Windows 8.1 and Windows 10

    Hope this helps. If the problem persists, post back with the required information, the current state of your computer and the result of the proposed suggestion, and we will be happy to help you.

    Kind regards

  • Configuration of database event view 4.5

    I am having some difficulty adding the event database in View 4.5. It's a SQL Express 2005 on the vCenter server. It is configured to listen on static port 1433. I use SQL authentication and a SQL account. I've attached screenshots with the settings. I keep getting 'an error occurred' when trying to configure the database. Does anyone here know what I'm doing wrong? I think maybe the name of the database must be in a different format, but I have tried different things without success.

    TIA,

    -Poort.

    The OP said he found errors in a log on the connection server that helped solve the problem. Can you look on your connection server in C:\programdata\VMware\VDM\logs and see if any of the logs gives more indication of what it doesn't like about the configuration?

  • How to configure ACS 4.2 to delegate authentication to the RADIUS server

    Hello

    We need to run the following scenario:

    Cisco VPN client (or AnyConnect, Cisco SSL VPN client)---> Cisco ASA 5520---> Cisco ACS 4.2---> CAT Authentication Server

    The CAT authentication server is a RADIUS server. It can receive RADIUS authentication requests and respond. It is used for strong authentication TFA WBS similar to RSA OTP tokens.

    The question is: how do we set up ACS 4.2 to delegate authentication requests to another RADIUS server?

    Thnx

    Add the RSA server as an external database, configure the drop user profile or a group to authenticate on the new external database rather than ACS DB Local (or Windows DB).

    Easy as pie!

    Please rate if this is useful.

  • PEAP configuration ACS 5 vs 4 ACS

    I am configuring PEAP with ACS 5 and Active Directory 2003. For the configuration in version 4 of ACS, the ACS had to belong to the Windows domain, and then I had to perform the following steps:

    1. Generate the certificate (using the template named Web Server as the base).
    2. For PEAP client authentication, ACS must obtain a CA certificate. The requested certificate is the one that was created using the Web Server template.
    3. Then, you must install the certificate for the ACS software. Download a Base64 certificate.
    4. Then, in System Configuration / Install ACS Certificate, install the certificate from the local storage of ACS.
    5. Then, in the ACS certification setup, the *.cer is installed.
    6. And the ACS is ready.

    Now in version 5 of ACS... In Users & Identity Stores > External Database > Active Directory, I specified the domain name, the user and the password. If the connection is successful, the ACS will be a "Member Server" in the Windows domain. My question is: do I have to install the certificate file with the *.cer extension (step 5) in version 5 of ACS?

    Thanks and greetings

    If I understand the question, yes, you import the certificate. It is not downloaded because ACS has joined the domain. The general concept is the same as ACS 4.

    Nicolas

  • Configuration of database running on the server with 256 cpu

    Hi all

    We have a rac 11.2.0.2 on Solaris 10 installation.
    The servers are 2 and a short configuration is:

    SQL> show parameter cpu_count
    NAME                                 TYPE        VALUE
    ------------------------------------ ----------- ------------------------------
    cpu_count                            integer     256

    psrinfo | wc -l
    256
    prtconf | grep 'Memory'
    Memory size: 130784 MB
    psrinfo -pv
    The physical processor has 64 virtual processors (0-63)
    UltraSPARC-T2+ (chipid 0, clock 1414 MHz)
    The physical processor has 64 virtual processors (64-127)
    UltraSPARC-T2+ (chipid 1, clock 1414 MHz)
    The physical processor has 64 virtual processors (128-191)
    UltraSPARC-T2+ (chipid 2, clock 1414 MHz)
    The physical processor has 64 virtual processors (192-255)
    UltraSPARC-T2+ (chipid 3, clock 1414 MHz)

    There are a lot of settings that Oracle automatically sets based on the number of CPUs.
    In my case, this number is too high.

    For example, normally db_cache_size = 4 MB * cpu, in this case the result is 1 G of db_cache_size.

    The plan is to create several databases on this machine, so the question is:

    Is there a way to tell Oracle a different number of CPUs?
    And in general...
    Do you have some tips on how to configure such a powerful machine that runs a large number of instances?


    Thanks in advance

    Published by: Spugna on May 7, 2012 03:01

    Hi Spugna,

    Of course, as long as you use Oracle 11g you can use Instance Caging to limit the CPU usage of each database. Although it is no longer applicable to the single server database or a CCR node, I see no reason not to use it with RAC. Look here for more information:
    http://docs.Oracle.com/CD/E14072_01/server.112/e10595/dbrm007.htm

    You could also consider consolidating these different databases into one large database, if that is possible and there is no application dependency?

    Kind regards
    EVS

  • ACS 3.0 for Windows to ACS 3.3.2.2 device database

    I have ACS 3.0 for Windows and bought 2 ACS devices to replace the Windows ACS. Is it possible to load the ACS 3.0 Windows config onto the ACS 3.3.2.2 device?

    Yes. Back up the ACS 3.0 configuration, copy the file to an FTP server, and restore it on the device.

    If the restore fails, you may need to upgrade to ACS 3.3, then back up and restore.

  • Adding to the ACS database replication

    I want to install a backup ACS 4.1. The primary server has no database replication configured on it.

    I would like to add this feature, because I have to make it the primary and replicate its database to the new backup box I set up, to which I was able to add the feature during installation.

    So I guess my question is: how do I add the database replication functionality on Cisco ACS 4.1 after installation?

    Help, please

    Happy to help.

    Please mark the thread solved, so that others can benefit.

    Kind regards

    Prem

  • ACS database connectivity

    Dear Sir

    I plan to connect my ACS server to an external database (Oracle 10g). To do this, would you please let me know how I can connect ACS to Oracle? It is worth noting that I read a Cisco document on this case, but there are still some problems. I would be happy if you let me know your comments.

    Kind regards

    Hamza younes

    To connect ACS to the Oracle database server, click External User Database > Database Config > External ODBC Database and specify the server running Oracle. The following link can help you:

    http://www.Cisco.com/en/us/products/ps8543/prod_troubleshooting_guide_chapter09186a00808e7d1d.html

  • How to configure ACS 5.2 to manage the Junos 10.4R6.5 fwl via TACACS+.

    Hi all

    I have a newly installed ACS 5.2 appliance, integrated with our AD, and it works with Cisco products, routers, switches, etc. Now I would like to include Juniper firewalls so that they are authenticated via ACS 5.2 for both SSH and web access. Can someone share how to get started with this and with creating policies?

    FYI: I have 14:00 groups regionaladm and regionalops, read/write and read-access, respectively.

    Kind regards

    Marlon

    Marlon,

    I pasted below a config file I made for getting our ScreenOS firewall to work with Cisco ACS v5.2. This configuration may not work because yours is Junos, but it could get you closer to understanding. Also, if you have not been on the Juniper J-Net forums to ask around, give it a shot. (forums.juniper.net)

    Good luck!

    -Chris

    Title: Example configuration - Juniper SSG and Cisco ACS v5.x

    Product: Juniper SSG320M (Cisco ACS v5.x)

    Version: ScreenOS 6.3.0r10.0 (Cisco ACS v5.2.0.26.8)

    Network topology:

    [Juniper SSG320M]-[Cisco 3560 Switch]-[Cisco ACS VM]

    Description:

    Goal - authenticate SSG administrators using TACACS+ instead of local logins

    Description - This configuration is for Cisco ACS v5.x; JTAC only had a v3.3 configuration.

    ACS v5.x is a VM based on Linux with a completely new user interface and structure.

    Configuration:

    Configure the Juniper (CLI)

    1. Add the Cisco ACS and TACACS+ configuration.

    set auth-server CiscoACSv5 id 1
    set auth-server CiscoACSv5 server-name 192.168.1.100
    set auth-server CiscoACSv5 account-type admin
    set auth-server CiscoACSv5 type tacacs
    set auth-server CiscoACSv5 tacacs secret CiscoACSv5
    set auth-server CiscoACSv5 tacacs port 49
    set admin auth server CiscoACSv5
    set admin auth remote primary
    set admin auth remote root
    set admin privilege get-external

    Configure the Cisco ACS v5.x (GUI)
    1. Navigate to Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles
    Create the Juniper Shell Profile.
    Click the [Create] button at the bottom of the page
    Select the General tab
    Name: Juniper
    Description: Custom attributes for Juniper SSG320M
    Select the Custom Attributes tab

    Add the vsys attribute:
    Attribute: vsys
    Requirement: required
    Value: root
    Click the [Add ^] button above the Attribute field

    Add the privilege attribute:

    Attribute: privilege
    Requirement: required
    Value: root

    Note: you can also use "read-write", but then the local admin does not work correctly
    Click the [Add ^] button above the Attribute field
    Click the [Submit] button at the bottom of the page

    2. Navigate to Access Policies > Access Services > Default Device Admin > Authorization
    Create the Juniper authorization policy and filter by IP address.
    Click the [Customize] button at the bottom right of the page
    Under Customize Conditions, select IP Address in the left window
    Click the [>] button to add it
    Click the [OK] button to close the window

    Click the [Create] button at the bottom of the page to create a new rule
    Under General, name the new rule Juniper and make sure that it is enabled
    Under Conditions, check the box next to IP Address
    Enter the IP address of the Juniper (192.168.1.100)
    Under Results, click the [Select] button next to the Shell Profile field
    Select "Juniper" and click the [OK] button
    Under Results, click the [Select] button under the Command Sets field (if used)
    Select "Allow All" and make sure all other boxes are NOT checked
    Click the [OK] button to close the window
    Click the [OK] button at the bottom of the page to close the window
    Check the box next to the Juniper policy, and then move the policy to the top of the list
    Click the [Save] button at the bottom of the page

    Verification:

    Connect to the Juniper CLI and GUI using an ACS internal user account and try to change something to check the privilege level.

  • HPCM - configure the database failed

    Hello

    Recently, I installed HPCM 11.1.2.2 on top of my existing installation. While configuring the database in the configurator, I get the error below.

    [EPMCFG] [ERROR] [EPMCFG-01020] [oracle.EPMCFG] [tid: 21] [SRC_CLASS: com.hyperion.config.wizard.impl.RunAllTasks] error: []

    com.hyperion.cis.config.ProcessingException

    at com.hyperion.oslo.OsloDBConfigurator.configure(OsloDBConfigurator.java:164)

    at com.hyperion.config.wizard.impl.RunAllTasks.executeDbConfigTask(RunAllTasks.java:929)

    at com.hyperion.config.wizard.impl.RunAllTasks.execute(RunAllTasks.java:482)

    at com.hyperion.config.wizard.impl.RunnAllTasksState.run(RunnAllTasksState.java:91)

    at java.lang.Thread.run(Thread.java:662)

    Has anyone met the above error?

    Please suggest.

    Thank you

    CP

    Hello

    Check the privileges on your HPCM schema (grant connect, create, create view, resource to HPCM_SCHEMA). Make sure that you have granted all the roles according to the Oracle prerequisites.

    I am not able to make out anything else from this log entry.

    In the case where it is a SQL Server, ensure that the snapshot

    Added PS to the details of creation of SQL Server database.

    Thank you

    Anjum

  • configuration of database vault realm

    version: 11.2.0.2.0

    Operating system: Solaris

    Hello, can someone please point me to good documentation that covers the configuration of realms through the command line? The Oracle documentation only covers realm configuration through Grid Control. I want to create realms through the command line or by using the PL/SQL packages provided by Database Vault.

    Thank you

    See also the documentation for the DBMS_MACADM package.

  • Failed to retrieve the configuration of database file when installing EBS on 2 nodes

    I am trying to install EBS 12.1.1 on two different nodes on Redhat Linux 5. After properly installing the database on node1 (ebsdb), I started rapidwiz on node2 (ebsapps) to install the application tier. When I get to the screen where it asks "Do you want to create a new configuration or load a saved one?", I chose to load a saved configuration, typed in the database connection information (ebsdb.sparkdb.com:PROD:1521) and got the following error. Does anyone know what I am doing wrong? I am able to ssh from ebsdb to ebsapps and vice versa, and the database and listener are up.

    Failed to retrieve the database configuration file.

    user564785 wrote:
    What file must be copied from DB node to the node of Apps and what place?

    conf_.txt - http://docs.oracle.com/cd/E18727_01/doc.121/e12842/T422699g54568.htm

    You can copy the file to any place on the application-level nodes.

    Thank you
    Hussein

  • P6 Configuration of database API

    Hi all

    I am trying to install the P6 Java API (local mode only), and I have problems with the Database Configuration step. Has anyone seen this before?

    The P6 database is on a Microsoft SQL Server 10.0.2573

    I get all the details ID password etc, and then when I hit the next button, it just hangs and the only way to shut down is to close the associated console window.
    I use pubuser but have also tried it with a server admin user.

    I ran a trace on the SQL Server and it seems to connect to SQL Server fine, but then does nothing else.
    It also shows the disconnection when I close the console window.

    If it helps at all, when I run the 'general' demo, I get
    ERROR - Configuration was not found in the database
    ERROR - Configuration was not found in the database

    which I guess is because the db configuration has not been set up yet.

    I'm new to P6 API development, so I'd appreciate any help, even if it's just pointing me in another direction.

    Cameron

    I came across a Metalink note that talks about a compatibility issue with Oracle Sun JRE 6 Update 29. If you have this JRE, you can try to uninstall it and use the compatible version from the P6 v7 tested configurations document.
