Upgrade 5.2 to 5.4 ACS


I have an ACS 5.2 deployment and I want to upgrade to version 5.4.

I have 2 server in my deplyement:

1 / first server as authentication server & collector's Journal

2 / secondary server as authentication server.

What is the best way to do the migration?

Normally, I can do the following:

1 / Deregidter ==> of each server from the deployment are the servers standaone

2 / upgrade the secondary server.

3 / upgrade of the backend (without migrate the server logs).

4 / attach servers to the deployment.

steps 2 / and 3 / can be reversed?

Thank you for your response.


of course, you can use sftp as well. However, the SFTP server must meet certain requirements:

-The destination directory must have read/write permissions

-SCP must be activate and the SFTP server must be compatible FIPS.

-As a result of certification FIPS the SSH client should support the following compatible encryption FIPS costumes:

-Key Cipher Exchange: diffie-hellman-group14-sha1 (your SFTP server should be able to negotiate this encryption)

-Encryption cryptographic algorithms: aes256-cbc, aes128-cbc, 3des-cbc

-MAC: hmac-sha1

Jatin kone
-Does the rate of useful messages-

Tags: Cisco Security

Similar Questions

  • ACS 3.2 on Win2k - upgrade from the replicated SACRED path

    Hi all

    I have 2 servers ACS 3.2 I want to upgrade to 4.2.1 the latest version before 5, as I understand.

    My question is about replication. Should I stop the replication of database and upgrade servers separately or not? Can I put the servers as replication of database is configured? If so, is there a specific order of upgrade?

    Thank you


    Here the user guide.

    "All of the SACRED that is involved in replication must run the same version of the ACS software. For example, if the primary ACS is running ACS version 3.2, all secondary ACSS should run ACS version 3.2. Because patches can introduce significant changes to the internal database of GBA, we strongly recommend that ACSS involved in replication use the same patch level. »

    So, I suggest to turn off replication before upgrade. After all of the ACS are upgraded to the same version, you can enable replication again.

  • 1113 ACS SE upgrade to not


    I am looking for some assistance, we have a v4.0.1.44 running Cisco ACS 1113 SE and try to update to v. following the instructions to upgrade to v4.1.1.24 first.

    We use the following CD

    "ACS SE overall upgrade CD ACS 3.3.4 and 4,1,1,24 implemented at level"

    We can download the image of the ACS system via the distribution server, but the upgrade fails us got out following console when the attempt to upgrade has been tried;

    Upgrade package has not been verified.

    Apply this package to upgrade may corrupt the device

    Continue at your own risk!

    Continue? -y (yes), n (no) y

    Installation of Cisco Secure ACS Version:

    The upgrade... Upgrade process successfully launched

    Try to install ACS version 4.1 on software version

    Impossible to install Acs version 4.1 with software version

    GBA version 4.1 required software version

    First install the correct version of the software of the device

    Failed to upgrade to Cisco Secure ACS to

    Currently, our unit of ACS is the following:

    Cisco Secure ACS

    ACS - 4.0.144 - EnablePassword -CSCsh32888 fix (patch: Thursday, November 22, 2007 19:51:37.95)

    The application management software

    Base Unit image

    CSA build (Patch: 4_0_1_543)

    That would welcome suggestions.



    Hello Jim

    The upgrade package consists of 2 - files that is the management software and ACS software. You must first upgrade management and then continue the ACS software.

    The instructions are attached. I would like to know how it works.

    Thank you


  • Update / migration ACS 4.1 to 4.2

    Hi all

    I have a few questions about the migration of a Windows ACS server.

    Currently we are running on ACS 4.1 / output 4.1 Build 23 (1)

    We have a contract of active support for the ACS 4.1 (CSACS - 4.1 - WIN - K9).

    Now, we want to switch to ACS 4.2 but it with some remarks.

    (1) we need to upgrade our contract to CSACS - 4.2 - WIN - K9?

    (2) if we have improved the contract can we download the new software ACS 4.2 of the CEC or do we need to buy the CD?

    (3) we want to install the ACS 4.2 with all latest patches on a new server, so, too, that this will be a new IP address.

    (4) do we need copy all data from ACS 4.1 to 4.2 this thanks to a restoration or a database sync of ACS 4.1?

    (5) by using an eval for ACS 4.2 and the upgrade version then licensed 4.2 ACS needs an eval version uninstall? I read this on the discussion on: https://supportforums.cisco.com/thread/1002944?tstart=900

    For point 4), I found that we first have to ACS4.1.1.24 before progressing on the path ACS4.2.X is that correct?

    Link: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/installation/guide/windows/install.html#wp1080517

    If anyone can answer this question, it would be great.

    Kind regards



    (1) there is no need to upgrade your contract, you are entitled to GBA 4.2 If you have a valid contract for ACS 4.1.

    (2) you will need to open a TAC case and get the software published for you, you don't need to buy anything.

    (3) that is fine, install a new copy of ACS and then import your 4.1 backup base.  After that, you can improve the new ACS ACS patch 3. ACS patch and ACS are available on cisco.com here:


    (4) No., you can restore a database in

    (5) as you want to go with a new installation and upgrade of the database I want to uninstall the Eval before installing


  • Migrate from ACS 3.3.2 SE to 4.2.1 for Windows

    Hi all


    I know that the two platforms/versions are dinosaurs and we should be upgraded to something more recent like ACS 5.x.  However, I am consultant and is not part of the decision to make this migration.  I've just loaded to run.  The customer going to ISE and purchased in one of their regions.  However, this specific pair of ACS servers provide services GANYMEDE + then they will be around for some time.


    I'm contemplating how to for migration.  There are about 30 local users and more than 2000 devices.  There is integration of ads through a pair of remote agents.  We want to entry a sweet/new configuration as opposed to a full backup and restore so cleaning may occur on the current arrangements of 8-10 years.  So, the best-case scenario is that I have set up new devices (v4.2.1) by hand and import users and network devices.

    If I wanted to do, how I'd go to export only the devices and users from the 3.3.2 engine solution?

    I thought to reproduce the current 3.3.2 install on a v3.3.2 to install windows then upgrading the windows temp install to 4.2.1 and replication only users and groups to the 4.2.1 new platform but I have access to old media.

    Any ideas would be appreciated.  Thank you.

    The best would be to install v3.3.2, reproduce the configuration and it in path/procedure to upgrade next since you do not have access to OLD media. You can import users and devices using the RDBMS feature.

    To export devices network of ACS 3.3.2 engine solution. Go to network setup > Search > maintains the search that is default parameter to search the entire. Press search. There will be a 'Download' option that will appear in the left corner of the search results. Click on save this list.

    This list will include,


    -IP address


    -Name NDG (if applicable)

    NOTE: This will not contain customer AAA Shared Secret keys have

    Once the devices are exported, you can import this file to ACS for windows.


    You may not be able to export the ACS SE users. You may need to manually create with the new passwords.

    Kind regards



    Posted by WebUser Jatin Katyal of the Cisco support community App

  • Favorites of ACS 5 reports


    Is it possible to set up a favorite report and share with all all the directors of the ACS?

    Thank you


    Sharing reports

    You can add reports in the Shared folder to make them available to all admins. To add reports in the shared folder:

    Choose any report that you want to share.

    For example, if you want to share the summary report of health ACS, you would choose followed and reports > reports > catalogue > ACS Instance.

    ACS Instance reports page appears > run report.

    In this example, the ACS health synthesis report is displayed.

    Launching the report in the Interactive Viewer.

    Click the back to the upper-left corner of the page viewer Interactive.

    The backup window appears.

    Choose the Shared folder in a folder list box choose it.

    Enter a file name of your choice.

    Click Save.

    The report is saved in your shared folder and is available to all users.

    Note the common reports that were created in older versions of the ACS don't work after upgrade you an earlier version of ACS ACS 5.4 or install a new version of ACS 5.4. Therefore, you must delete the existing shared reports and add them to the point 5.4 ACS.

    Kind regards

    Jatin kone

    -Does the rate of useful messages-

  • GBA 3.3 download

    Hi all

    I have a requirement to improve my 3.3 to ACS database, because I need to use this database on our acs device that is running  I saved 3.3 acs database, I have try to install acs 3.3 Server stand alone and upgrade to 3.3.4 then back to the top and upgrade to and upgrade to

    I have an account valid ORC, but I don't see acs software to 3.3 on download software, could any please help me link download acs 3.3 on cisco download software.

    Old acs 3.3 Simialry a network group of about 2000-3000 network devices database, these is database upgrade requires any valid for each acs upgrade license key, otherwise all the software with the base line will do this.

    Please post link to this all of the software download (3.3.0, 3.3.4, thank you


    for software, you will need to open a TAC case. There is no license keys for ACS ACS 4.2 3.3.

    I hope this helps.

    Kind regards


    P.S.: Please mark this thread as answered if you feel that your query is resolved. Note the useful messages.

  • Issue of license will 5.3 5.4

    Hi all

    I have a few question about license during the upgrade to a 5.3 x ACS.

    (1) when the> upgrade would require you update license (I guess not because he is minor update)

    (2) classes of 5.3.x to 5.4.x would require you update license (I guess not since it is minor update too)

    (3) what is the process of the application of the licence, it is during the installation or after installation (I guess that point 1 & 2 is not necessary)

    kindly advice if I am wrong here

    Thanks in advance


    You can use the same license. But if you need to recreate the image then you will be asked to provide the same license again.

    Rating of useful answers is more useful to say "thank you".

  • upgrade ACS 5.3 5.4 fails


    I try ACS update to the new version Everything looks ok:

    ACS-machine / acsadmin # application upgrade ACS_5.4.0.46.tar.gz rep01

    You want to save the current configuration? (yes/no) [Yes]?

    Building configuration...

    Save the configuration running at startup

    Application of % CARS installation required post installation reboot...

    Broadcast from root (pts/0) message (Thu Dec 6 23:36:41 2012):

    The system is down for reboot NOW!

    Successful application update

    But the ACS (vmware instance) machine cannot be started with this result: Volume group 'smosvg' not found. (see attachment for details)

    Any ideas?



    Have you installed patch 8 on the before moving to 5.4?

    Maybe you run in CSCuc93106...


    Ehhmm... unlikely.

  • The upgrade to Cisco ACS


    I would like to upgrade our current ACS NT Terminalserver edition server to a Win2000 server. Since this upgrade requires a fresh installation (since a direct upgrade from NT 4 TS to w2k is not the best thing to do). My question is, do I have to do to ensure that I can keep my user database active? Is replication the answer? And replication will make a copy of all the different users/groups/routers etc etc. In other words, I'll be able to do this upgrade without too much trouble?

    I speak here of a replication of the database, do not configure replication between servers ACS.

    Here is the doc that will help you to do this


  • ACS to Server upgrade

    Hi all

    Can I upgrade my to ACS servers without applying the patch?

    Thank you.

    Hey Pratik,

    It is always advisable to upgrade to the latest patch before moving on to the next version.

    Therefore, it would be advisable to install the patch 4 and then go to 5.7.

    Kind regards


    Please evaluate the useful messages.

  • ACS 5.3 to 5.6 upgrade procedure

    Can someone tell me how to upgrade ACS from 5.3 to 5.6. We need to install the patches available, or we can do it directly.

    Help, please!

    Kind regards


    Hello Santosh,

    Please see the Upgrade Guide.


    Let me know if you have any other doubts.

    Kind regards

    JAI Ganesh K

  • ACS 3.3 to 4.0 upgrade problems


    I have a Cisco ACS 3.3 running on a win2k platform server and I need to upgrade to ACS4.0 on win2k.

    -3.3 backup and restoring files on web interface 4.0 does not work;

    -the same operation using csutils.exe works not (csutil b [...], then csutil - r [...])

    -J' installed the new machine with ACS3.3, I imported the data/group/user with csutil, then I installed ACS 4.0 using setup.exe. The result is that the ACS services will not start

    Anyone know what I need to do?

    Thank you


    Hi Antonio,.

    -3.3 backup and restoring files on web interface 4.0 do not work.

    * It won't work, because in ACS we can back up and restore the database among same versions only of the ACS, also applies to replication.

    -the same operation using csutils.exe works not (csutil b [...], then csutil - r [...])

    * Answer will be the same as above.

    -J' installed the new machine with ACS3.3, I imported the data/group/user with csutil, then I installed ACS 4.0 using setup.exe. The result is that the ACS services do not start.

    * Normal this is if you hit a bug, that when we try to upgrade a database of ACS 3.3 (x) xx of ACS 4.0 build we have leak customer spaces AAA and/or servers writing AAA in databaae, and that can cause a problem. But we cannot not be hitting this bug.

    How to upgrade:

    [1] make sure we follow the path correct upgradation and supported:


    [2] then follow following steps upgrade:


    Summarizing link above, just run installation of ACS 4.0 on an existing installation of ACS 3.3, and the installation program will ask itself, to save the previous configuration, select Yes at this time.

    Let me know if it helps. Please rate if this helps.

    Kind regards

    Rafael Lanna

  • Cisco Secure ACS 3.3 (1)-> 4.0 upgrade problems (1)

    Hi all!

    I have problems updating my primary ACS since version 3.3-> 4.0

    I always get the following error message, then it does the upgrade:

    "The record of the CiscoSecure ACS seems to be blocked by another application: C:\Program Files\CiscoSecure ACS v3.3.

    Please close all applications... blabla... »

    The thing is, I have improved my ACS backup first, and this upgrade worked like a charm.

    In both cases, both for the primary and backup I do a takeover with Dameware remote, copied the ACS 4 folder on the hard disk of the server and make the upgrade of this folder.

    As I said, the upgrade of backup server worked without a hitch.

    That's what I tried:

    1. I checked that NO application use the 3.3 ACS file and no Explorer window is open on this folder or subfolders.

    I checked using a small program called Filemon.exe from Sysinternals. According to this program, anything accessed said folder.

    I also checked it again by renaming actually ACS 3.3 file once I stop all services of the ACS. I could not rename the folder if the services have been started.

    2. I tried to stop the ACS services first and then make the configuration, got the same error.

    3. I have disabled the antivirus software, got the same error.

    Basically I am at my wits end now...

    However, I have two options:

    1. uninstall ACS 3.3, do a clean install of ACS 4.0 and import the data of all the GBA backup.

    Who would not raise by the primary association with the ACS configuration backup? So I think I will need to go on it later and make changes, if necessary?

    2 make a backup of the ACS 3.3 with csutil b

    Uninstall ACS 3.3, do a clean install of ACS 4.0 and import all the data with csutil - r

    Would this work? I've seen conflicting information here in this forum, some say that it works, the other say it's not.

    I'm a little confused why it worked so well the GBA backup but fails on the primary ACS.

    Any help would be greatly appreciated!

    Thank you!

    Ivar Thorolfsson


    Folder lock message often appears if newspapers located in the directory of the ACS are too big.

    Move the logs of the following directories: -.









    Then try to upgrade.

    Kind regards


  • The ACS upgrade to 3.2


    By opting for the ACS 3.2, all my settings and the securities will remain the same? If this isn't the case, I have a router connected to the server and I will get locked. I heard there is a specific order for the removal of the lines to avoid of locking me. Is this true?

    Thank you

    You will need to select the option "Yes, import the existing configuration", while improving the ACS software. Information on the upgrade of Cisco ACS software Preserving Configuration found in the documentation to


Maybe you are looking for

  • cannot imessage or facetime 1 contact of my macbook

    I just tried to use facetime and imessage for the first time to communicate with my children I found both works find for my son, but when I try to send my daughter a message it says its ID is not registered - same facetime doesn't work I checked in t

  • Subtraction of loop between two bays

    IM pretty bad at this naked language with me. I have a table 1 d of eight values and another 1 d array of lets say 800 values. I would like to remove the first element in the first table in the first 100 items in the second table, then the second ele

  • HP: HP Compaq Mini 110 - Bios password

    I have a HP Compaq Mini 110 with a BIOS password that prevent the operating system from loading.   I tried to unplug the battery CMOS and power battery etc. with no joy, the rest password again. System hault code is: CNU9371G22 If anyone can generate

  • Items deleted from trash

    I just deleted a few folders of my trash that I didn't delete.  Is there a way to recover these files?  Thank you.

  • Is it possible to upgrade memory hard drive?

    I'm just trying to see if I can move on to more memory on the hard drive of my computer or if I just need to go buy an external hard drive?