The upgrade to Cisco ACS
I would like to upgrade our current ACS NT Terminalserver edition server to a Win2000 server. Since this upgrade requires a fresh installation (since a direct upgrade from NT 4 TS to w2k is not the best thing to do). My question is, do I have to do to ensure that I can keep my user database active? Is replication the answer? And replication will make a copy of all the different users/groups/routers etc etc. In other words, I'll be able to do this upgrade without too much trouble?
I speak here of a replication of the database, do not configure replication between servers ACS.
Here is the doc that will help you to do this
Tags: Cisco Security
Currently we are upgrading the PDC to Windows Server 2008, Standard Edition R2.
I am little confused with information available for upgrade scenarios. Appearing on the current working versions.
Cisco ACS SE - version 4.1 Build 23 5 Patch 1
Cisco ACS Remote Agent version 4.2 (0.124)
The new operating system will work on 64-bit, I think that the current ACE SE and the remote agent can / must be upgraded.
My existing versions, give the possible scenarios of upgrade available for me. After that upgraded SE and Remote Agent should work for the 64 bit OS.
Thanks in advance!
Yes, it is not possible to upgrade the ACS ACS 5.2 existing to level 4.1. They are two different boxes run on a different platform.
Unfortunately ACS 4.x does not support windows 2008 r2.
5.2 ACS is the only option left, and you will need to buy a new box of seprate with the new licnese for this.
Note the useful messages
I downgrade of cisco device 1120 DCC acs 220.127.116.11 5.0, I need to upgrade to acs 18.104.22.168. Is device 1120 cisco acs supports 22.214.171.124, how do I upgrade 126.96.36.199 188.8.131.52.
There are any server distribution for the upgrade. Please suggest on this, thank you
Yes, you can upgrade it to 184.108.40.206 and you can download the version from the link below listed;
Here are the files you need to download:
: Note apply the upgrade of management first and then software update. ..
Distribution server is a machine where you can download the patch on the Cisco Secure ACS Appliance, so if you download the version on your laptop and download then only one distributor (nothing special)
Upgrade an application of 220.127.116.11
I hope this helps.
Note the useful posts ~
I'm trying to configure the Cisco ACS 5.2 to Dot1x of authentication for clients on windows 7 & windows XP, I did all the steps but I could not create Service rule, it gives me an error message that you can see in the attached screenshot.
After that I specify the allowed protocols it gives me the choice to choose the choice of identity and the is ' t it give me this error.
your help is very appreciated.
Try another browser like Hussam suggested and let us know the results.
I updated FireFox to 15.0.1 and now I am not able to manipulate many parameters with ACS 5.3
Version of this browser is extremely stupid with ACS 5.x, but it shows not all message boxes. It just does not display the page when you click on the link.
If different browsers show the same question, I would say that you restart the machine (physical or virtual) completely and try again.
It is also best to upgrade to the latest patch, if this is not already the case.
Rating of useful answers is more useful to say "thank you".
Try to restore the Cisco ACS 5.4 password installed on vmware. Where can I get the password recovery DVDs? There is no software in the list on the site.
TAC may provide to you. You will need to open a folder and the application.
I was hoping that someone could help me with what might be a silly question. I'm trying to implement a solution whereby an operator can control all their nodes (other than Cisco) network via GANYMEDE + involved nodes are
Juniper M10i running Junos 9.2, M120
M320 running Junos 8.5 Juniper
Extremes of BD8810 and BD8806 running 18.104.22.168 XOS
3804 Alpine extreme Extremeware 22.214.171.124 running
My question is, can I use Cisco ACS 5.2 (or 4.2) to authenticate using GANYMEDE + to these other than Cisco devices. Has anyone else done this or I have to use RADIUS? If someone has done this are problems of interoperability with Cisco CS and Junos or XOS extreme. Thank you
We have a very large deployment of Juniper (T-series, series MX, etc.). We use Cisco ACS and GANYMEDE to manage these devices. The configuration of the ACS is fairly simple. You'll want to create users to connect and match them to the classes on your JUNOS routers. Here is an example:
set system login user uid of engineering 2000
Set system login user engineering genius-class class
set the connection user uid to NOC 2001 System
Set system login user AC AC-class class
define the system connection Engineering-class idle-timeout 15
define a connection system class engineering-class permissions all
define the system connection AC-class idle-timeout 15
define the connection class AC system class view permissions
Set connection AC-class permissions see the system configuration
We use two classes of genius and NOC. One is defined as a read / write and the second read-only. This is in turn then mapped in ACS (in our case version 4.2) by user or group (preferred). First, you change the configuration of the interface and add a Ganymede junos-exec service and do not enter the Protocol field. Then, you change the attributes of the user group. I've attached screenshots for both on this subject.
Hope this helps.
Hi, we installed in laptops wireless customer a certificate created by Cisco ACS to authenticate, but its about to expire.
How can I do to renew the certificate whithout affecting users.
(1) Yes, we can generate a new cert but install the latter.
(2) install generated new cert on the client.
(3) install the new cert in ACS.
Good plan and will probably work.
Note the useful messages
Hello, I updated a backup unit of two ACS to the 126.96.36.199.0a version first I changed it to standalone, and now I'm trying to save for the main CSA that is running the 188.8.131.52.2 version
And I get this error
This failure has occurred: com.cisco.nm.acs.im.certificate.Certificate; incompatible local class: stream classdesc serialVersionUID = 8507982043664257993, local class serialVersionUID = 1927357986028617243. Your changes have not been saved. Click OK to return to the list page.
What can I do to solve it?
The primary and the secondary must be run on the same code.
-Does the rate of useful messages-
A customer has Cisco 1600 12 access point and they want to add 3 access points. These access points are autonomous access points and the customer is tired to make individual changes by access points. I suggested that the new access point be base controller, so my question; These existing access points can be upgraded to LWAPP? Or do need to be replaced? Or this controller one web-based access to existing contact points and be controlled.
so my question; can these existing access point be upgraded to LWAPP? Or do they need to be replaced?Yes, existing AP can be converted into TOUR mode with a recovery image. Here's how you can do it (note that there are several ways) http://mrncciew.com/2012/10/20/lightweight-to-autonomous-conversion/ http://mrncciew.com/2013/12/13/ap-conversion-using-mode-button/ is the good idea to get a WLC (like 2504) to manage in a simple way, rather managing them individually. See below the product bundles available. If this is the case, you will get with license 25AP 2504 for almost for free when you buy 2 x 1702. Make sure that you choose the product of appropriate regulatory AIR-AP1702I-A-WLC HTH Rasika * Pls note all useful responses *.
Currently, we are conducting 5.1.3 GIS 257. I know I'm behind and want to also include DST updates. If I switch to 5.1.4 or 5.1.5 What is the version that I will need to upgrade to these Service Packs? 5.1.3's 257 enough?
You can go to 5.1. (5) .. minimum required for this upgrade is 5.0 (1) for users of CLI and IDM. This Service Pack includes the update of the Signature S272. With regard to the IDS/IPS devices, its always preferable to run on the latest versions.
Miss me something, when you try to download the software on the ISDN link. I have the connected to the PC via a serial cable, I can then go into the API with HyperTerminal and set the root password, but when I try to connect with WinSCP I just get the error ' gethostbyname: unknown error "." I need to enter the hostname of course, this is a silly question probably, but that is the same as the name of the system unit?
I can't use the URL method since we have no internet connectivity for the device.
Any ideas would be very welcome, it's probably something very simple that I'm missing. The current configuration is the default value of the plant besides the root password change.
WinSCP requires that your ISDNLInk and your PC are both on the IP network, it is not copy on a serial connection, you are just using the connection set for call orders. Similar to the TFTP method (what you can do on your own TFTP server, it cannot be the one on the Internet).
Another option, which I think the best way to upgrade an ISDNLInk, is to do it via the web interface of the SX20 or some point of endpoints that you use with and you can download the file via your web browser.
Remember the frequency responses and mark your question as answered as appropriate.
Hello; I'm trying the upgrade of our ACS VM to 5.6 to 5.7 ACS servers. The file ISO, Tar 5.7 and basic Patch works very well. The question that we run into seems to be after each update rollup. The 'Show Application status ACS' shows that half of the process are in a "not monitored" State (management, View employment Manager, Manager of display-alert and View log-processor). Other services are in a running state. Show "Stop and start GBA" or "Recharge" solves the problem. I am Inquiring on what I can do next. Thank you very much in advance
The bug that you mentioned is now resolved in patch 5 5.8 ACS
PS: Please write it down as correct if it helps!
The Windows of Cisco ACS version seems to have the ability of integration with RSA Securid its listed in external databases. It can also support the SDI Protocol if you install the agent on the Windows ACS platform. I need to use a Cisco ACS 1113 but RSA Securid does not appear in the section external databases. This mean that I won't be able to use the SDI Protocol only available RADIUS.
And Yes you are right,
With ACS, we need to configure using RADIUS, on ACS SE it won't work with SDI.
Someone had problems with the TMS 13.0.2 to 13.1.1 upgrade that installation fails to put SQL server level?
My server is now at the stage where I can't install the upgrade or re-install v13.0.2.
Strange, I've marked this bug as a 'visible customer' a week ago. I know that it can take a day or two before, it can actually be displayed by partners/clients, but it shouldn't take a week.
In general, mark us (at least in the world of Cisco TMS) all new bugs as a 'visible customer '. However, not all bugs old Tandberg bug tracking system have been replicated to CDETS yet, that's why you sometimes see bugs which are not visible in the Bug Toolkit.
It's the RNE for CSCtt19457:
The upgrade of Cisco TMS to the version 13.1 or 13.1.1 fails. The Databaselog.txt file shows a timeout in SQL Server:
2011-10 - 03T 15: 37:53 to execute SQL block 1349, starting at line 30465
2011-10 - 03T 15: 38:39 error in UpgradeDatabase unhandled
2011-10 - 03T 15: 38:39 timeout has expired. The delay before the end of the operation or the server is not responding.
2011-10 - 03T 15: 38:39 at System.Data.SqlClient.SqlConnection.OnError (SqlException exception, Boolean breakConnection)
The issue was seen in facilities at TMS using SQL Server 2008 and occurs when the stored procedure "NET_Utility_CheckForAccessCopyPasteErrors" is installed. Installation it would normally take about one millisecond, but when this occurs, it takes more than 20 seconds.
Upgrade SQL Server to the latest service pack and run Setup again. If the SQL code is already on the latest service pack, restart the SQL Server service.
We are currently using the Cisco ACS 184.108.40.206 solution engine and using a Windows domain as a remote agent controller.
We now have the ACS to 4.1
1. do I need to upgrade the remote agent on the domain controller as well?
2. any computer on the network can be used as a Distribution Server?
3. after an initial backup and upgrade then to 220.127.116.11 I make another backup before the upgrade to 4.1?
You can use any PC in the network as a Distribution Server.
Maybe you are looking for
I download an example of VI demonstratinig using the function of occurrence. When I tested it that VI, it is 'sometimes' not triggered in odds on occurrence. I don't know how to explain it... Cound someone give me any suggestions? Thank you very much
Computer will not be as up-to-date Microsoft Security KB2687324. Cannot get rid of the security I have-con either
Hello, 4 days ago I bought dell inspiron with windows 8.1 5748 and a 1 TB hard drive. I also bought samsung 250 GB of ssd drive 840EVO to replace the disk of 1 TB of the laptop. I cloned the HARD disk drive and restored the image in the ssd drive and
JDeveloper version - 18.104.22.168.0I have a master-detail table is employee and the location with a field in common IE country. The country field is an LoV from the country of the employee table and the location.According to my requirement, I slipped and
I just bought and downloaded first / photoshop Elements 14 and both fail to install it on my Mac (El Capitan running). After I get the sign in page of adobe account, I get the Apple crash report. Previously, I had Adobe elements 10 and ensured th