Inclusion of an ACS 5.2 to a primary instance

Hi people,

Hoping someone can help me with this. When you try to save an instance of the ACS for a primary (via System Administration-> operations-> local operations-> deployed operations), I have the following error as a popup in my browser:

"This failure: /opt/CSCOacs/db/acs.crt (no such file or directory)." Your changes have not been saved. Click OK to return to the page from the list. »

I had 2 devices ACS grouped 1120, 1 suffered a hardware failure, a year ago, so I replaced it with a virtual machine. This one is now the principal. I am now wanting to replace the secondary instance (unit 1120 left) with a virtual machine as well. I removed the current device to the network, installed the virtual machine by using the same IP address and tried to register. There no according to the above error. After having tried this several times, I decided to return the device from 1120 to secondary status and then tried to save it with the same results as above.

Any assistance with this would be much appreciated

Thank you

I've seen this before. This can be solved by reloading the backend.

If you still see this problem

1. connect to ACS CLI w / CLI name of user/pass

2 question "acs-config".

3. connect w / ACS GUI name of user/pass

4. specify debug log. This will tell you what levels are fixed now

5 level debugging debugging mgmt of journal

6 repro

7 get the support package with files and newspapers two GBA debug.

8 restore the logging level of mgmt of caveat (mgmt-log debug level warning)

You can also filter the logs from the management servers and paste the relevant papers of that time.

Jatin kone
-Does the rate of useful messages-

Tags: Cisco Security

Similar Questions

  • How ACS to communicate with DomainController in different domain controllers?

    Dear Sir

    Our company has 4 ACS, version 5.3, a primary school and three others are secondary.

    They are in the other domain controller, and I do not know which domain controller they communicate, how to check and how to configure ACS5.3 to communicate dedicated DomainController?

    Thank you

    Michael

    Michael,

    Can you try this and see how it goes:

    You can run the following command in the CLI of the ACS to the ACS
    configuration mode-

    ACS / admin # acs - config

    Escape character is CNTL/D.
    User name:
    Password:

    ACS/acsadmin(config-acs) # dns.dc ad-agent-configuration. .com distribution

    You may see a problem with the format of the command. I have not personally tested lately on ACS 5.3.

    Note # using this will force the ACS to authenticate using only this specific DC. If the domain controller
    becomes inaccessible, you must run this command to point the ACS to a different domain controller.

    In addition, this would require a reboot for the services.

    http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_contro...

    Open the TAC case if you are not comfortable running the above command.

    -Jousset

  • Replication of database ACS SE 3.3.3

    HelloW

    I have some problems with replication of database with 2 ACS SE 3.3.3

    On each ACS, I have configured the other FAC as ACS server.

    On primary, I moved the ACS secondary to a replication partner.

    Secondary, I did not move primary ACS to a replication partner.

    Shared key is the same on the two ACS...

    In the journal of primary education: replication send ok

    In the high school newspaper: replication failed: Secret do not match!

    Secrets are absolutely!

    What can be the problem?

    Thank you

    Remco

    "Shared Secret Mismatch" means that the key to the primary in the primary or the secondary server does not.

    I suggest to enter secret key on free primary entry and the entry of the primary server to the secondary server.

    DO NOT COPY PASTE

    Kind regards

    ~ JG

    Note the useful messages

  • System Administration > operations > scheduled backups does not appear in ACS 5.0.0.21

    Hello!

    I want to do the backup schedule. According to the user's guide:

    You can create a backup scheduled for the primary instance. To create, reproduce or modify a regular
    backup:
    Step 1 Choose System Administration > operations > at the request of the backups.

    But the Administration of the system > operations > scheduled backups does not appear in ACS 5.0.0.21.

    How can I save?

    Hi Alexander,.

    Could you please confirm which link you found these instructions?

    It seems that these are the instructions of the ACS 5.1 user's guide, but we do not have a similar option on ACS 5.0.

    Kind regards

    Fede

    --

    If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.

  • Cannot save an ACS secondary for replication of ACS primary 5.2.

    Hello

    I hope someone can help me.  Currently, I have two devices Cisco ACS and both are classified in the PRIMARY.  The first ACS is running version 5.2.0.26 while the second ACS is running version 5.3.0.40.

    My original thought was to install the first ACS and do serve primary and have it replicate its data on the ACS SECONDARY.  Somehow, after installation, the ACS are now listed as PRIMARY.  When I go into secondary ACS under Deployment Options to try to save it in elementary school, I get the following error message:

    "This failure has occurred.  Failed to authenticate with node.  Your changes have not been saved. »

    Even if I try this GBA primary to save it for the secondary ACS, I get the same error message.  I tried all passwords including the credentials of the admin super user, my credentials for the administrator and the credentials provided to SSH in ' GBA and nothing is helping.

    Reading online, I read there was a way to remove an ACS secondary, but I don't have the ability to add this server in the primary for "bump it down" to a secondary antibody hoping to save it for the primary ACS.

    If anyone can give me some pointers, I would greatly appreciate.

    Thank you, and all have a wonderful day.

    THERE

    Yvonne,

    If the identifier is the same then definitely replication does not work, you will not be able to enroll in primary school if the license is the same. The good side is that you have the other license, you only need to install.

    However I have more bad news, the only way to re - install a license file in ACS 5.x uses the CLI command 'acs reset-config', but it will also delete all of the configuration that you have on this server, except the network configuration (IP, gateway, DNS, etc.)

    After entering this command if you are trying to access the GUI, you should not use the name of user and password acsadmin/default, then you will be asked to locate the license file.

    Here is a document with this information where you need it:

    http://www.Cisco.com/en/us/partner/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/my_wkspc.html#wp1052906

  • ACS 5.5/var logs

    Hello
    I received a call today from our team of data statement 100% cpu on a Cisco ACS VM 5.5.0.46 Center (this machine virtual ACS is configured as a primary, but not as a newspaper collector) running. They also had a report indicating that the folder/var on this virtual machine was out of space (1 MB free)

    The CLI on the VM, I ran the command show disks and found the available disk space seemed ok:

    Internal file systems:
    ..
    / var: 80% used (10315944 7783116)
    ..
    all internal file systems have enough free space

    To the virtual machine restarts, showed the output:

    Internal file systems:
    ..
    / var: 5% used (10315944 442856)
    ..
    all internal file systems have enough free space

    If the incident recurs, what commands can I use to view the logs (and size) in / var and they appear in the annex of logrotate ACS?

    Thank you
    Andy

    Andy,

    You can't remove them, but ACS should prune them over time because it manages disk space.

    Javier Henderson

    Cisco Systems

  • secondary ACS 5.1 fails to cancel the registration, after IP change on primary

    IP address of primary education had to be modified, in response to a hardware failure of the RADIUS server with the intellectual property in several configs device.

    Now school is unresponsive to repeated requests "Cancel registration of the primary", even after reloading.

    apparently because he can't reach the primary to the old IP address.

    Asking to cancel the registration in the GUI generates pop-up that says: "this operation will remove this Instance ACS of the primary Instance.

    On this instance of the CSA management applications will be restarted and you will need to identify yourself again.  After you perform this operation

    Please wait five minutes for this restart complete.

    Do you want to continue? »      [OK]

    But checking back after 10 minutes - or even the next day - find status of secondary education unchanged.

    Also tried in Local Mode, cancel the registration of the primary;  This operation also fails.

    Does anyone have the URL HOWTO on a total reconstruction of the application of GBA?

    The two ACS are PCA-1121-K9 5.1.0.44.4 running.

    Thanks in advance for any help...

    UPDATE: *.

    Command, has recommended "application reset-config acs", has been _exactly_ what was needed.

    jrabinow - thanks a lot!    :-)

    also, thanks for mentioning that the licence would be required, so that I could locate in advance and have it ready.

    Since there is no local CERT on the server, we should not re - install those.

    Since it is a secondary antibody that it should not have too much in terms of specific configuration

    Therefore, one possibility is to reset the configuration, so once more, it becomes just a stand-alone node and then that to the deployment as it is for any new node and as you saved it until

    Reset configuration can be done using the following command in the CLI:

    rebate to zero-config CSA

    Note that after resetting the configuration you will need to reinstall the license so make sure that you have it handy

    So if you installed a certificate server to the secondary server, you have that too

  • Version of Cisco ACS 1121 5.3 - logging

    Hello

    I am new to Cisco ACS 5.X. What I've read, the Cisco ACS can act as a logging server. Does this mean, all messages from syslog to all other network and ACS devices can be stored by ACS? I'm a little confused on that part.

    Finally, I understand that Cisco ACS has many or perhaps 2 instances? When we use these instance? What is this instance?

    Kind regards

    RAM

    In the deployment, you must specify an acs as the Logcollector server. All other servers send the logs to the Logcollecter.

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_sys...

    In a distributed deployment, each acs server is an instance. If you have a main instance and multiple secondary instances.

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_sys...

    Sent by Cisco Support technique iPad App

  • Input TextField with embedded characters

    I have a weird problem. I have an input textfield nested inside a movieclip, I integrated a set of characters, but when I run the movie I can still enter characters that were not part of the inclusion list. The text entry field has an instance name and the name of the variable. If I copy this text field in an empty fla file, it works correctly by not allowing is not character entries that were not incorporated. Is it weird? Any ideas?

    Use the property restrict textfields if you restrict entry.

  • QObject pending inclusion

    Hello

    I'm having a problem unsolved inclusion on QObject include whenever I start a new project, how can I solve this problem?

    Check includes it the path in your project

  • upgrade ACS 5.3 5.4 fails

    Hello

    I try ACS 5.3.0.40 update to the new version 5.4.0.46. Everything looks ok:

    ACS-machine / acsadmin # application upgrade ACS_5.4.0.46.tar.gz rep01

    You want to save the current configuration? (yes/no) [Yes]?

    Building configuration...

    Save the configuration running at startup

    Application of % CARS installation required post installation reboot...

    Broadcast from root (pts/0) message (Thu Dec 6 23:36:41 2012):

    The system is down for reboot NOW!

    Successful application update

    But the ACS (vmware instance) machine cannot be started with this result: Volume group 'smosvg' not found. (see attachment for details)

    Any ideas?

    --

    Martin

    Have you installed patch 8 on the 5.3.0.40 before moving to 5.4?

    Maybe you run in CSCuc93106...

    Edit:

    Ehhmm... unlikely.

  • License of ACS

    Where can I get a license for ACS 5.8?

    An evaluation license is available?

    Hi Bill,

    Visit this link:
    https://supportforums.Cisco.com/document/12509071/Cisco-secure-access-control-server-evaluation-license-key-ACS-evaluation#LICENSE_KEY_Installation_Instruction

    You can get a 90 days trial license provided you have a valid contract and the device SN.

    Concerning
    Dinesh Moudgil

    PS Please rate helpful messages.

  • Pending inclusion: bb/stunts/Stacklayout >

    Hello

    I followed the guide "create your first application using c ++" and I got this error: "" pending inclusion: ".

    Could someone help.

    Hello

    #include - capitalization is important

  • License of ACS problem please help me

    Hi all

    I have download ACS v5.6.0.22 and I install in ESXI, but when I search evaluation site license

    'tools.cisco.com/SWIFT/LicensingUI/Quickstart '.

    I have download this license, but does not work is for 4 CiscoACS I can't find ACS v5 license. 6 in the Web site. Please can someone

    Help me

    Hello

    Could you please try install the attached license file and let me know.

    Concerning

    Gagan

  • How can I get a trial version of cisco ACS 5.4

    Hi guys:

    I would get a trial version of GBA 5.4 for educational purposes (certification LAB). I know that it is possible to download the ISO file of www.cisco.com, but when a try to download the file with my cisco CCO get a message asking me "an additional fee required. Do you know how can I get this software?

    PD: I was able to download a trial of this software (file *.lic) license, but I want to install the ACS in a VMWARE server and play with him. I need the ISO file.

    Thank you very much for your help

    Kind regards.

    Martin

    CCNA-CCNP-CCGD

    Certified Engineer

    Cisco limited offer of trial copies of some of its products. Those that are linked from here:

    http://www.Cisco.com/go/nmsevals

    In General, if it is not there, it is not available as a trial version. It is usually not Cisco policy to provide all the software trial for teaching and laboratory use.

    If you are working with a Cisco or a partner account manager, you will get an exception on a case-by-case basis.

Maybe you are looking for