Upgrade 5.2 to 5.4 ACS
I have an ACS 5.2 deployment and I want to upgrade to version 5.4.
I have 2 server in my deplyement:
1 / first server as authentication server & collector's Journal
2 / secondary server as authentication server.
What is the best way to do the migration?
Normally, I can do the following:
1 / Deregidter ==> of each server from the deployment are the servers standaone
2 / upgrade the secondary server.
3 / upgrade of the backend (without migrate the server logs).
4 / attach servers to the deployment.
steps 2 / and 3 / can be reversed?
Thank you for your response.
of course, you can use sftp as well. However, the SFTP server must meet certain requirements:
-The destination directory must have read/write permissions
-SCP must be activate and the SFTP server must be compatible FIPS.
-As a result of certification FIPS the SSH client should support the following compatible encryption FIPS costumes:
-Key Cipher Exchange: diffie-hellman-group14-sha1 (your SFTP server should be able to negotiate this encryption)
-Encryption cryptographic algorithms: aes256-cbc, aes128-cbc, 3des-cbc
-Does the rate of useful messages-
Tags: Cisco Security
I have 2 servers ACS 3.2 I want to upgrade to 4.2.1 the latest version before 5, as I understand.
My question is about replication. Should I stop the replication of database and upgrade servers separately or not? Can I put the servers as replication of database is configured? If so, is there a specific order of upgrade?
Here the user guide.
"All of the SACRED that is involved in replication must run the same version of the ACS software. For example, if the primary ACS is running ACS version 3.2, all secondary ACSS should run ACS version 3.2. Because patches can introduce significant changes to the internal database of GBA, we strongly recommend that ACSS involved in replication use the same patch level. »
So, I suggest to turn off replication before upgrade. After all of the ACS are upgraded to the same version, you can enable replication again.
I am looking for some assistance, we have a v220.127.116.11 running Cisco ACS 1113 SE and try to update to v.18.104.22.168 following the instructions to upgrade to v22.214.171.124 first.
We use the following CD
"ACS SE overall upgrade CD ACS 3.3.4 and 4,1,1,24 implemented at level"
We can download the 126.96.36.199 image of the ACS system via the distribution server, but the upgrade fails us got out following console when the attempt to upgrade has been tried;
Upgrade package has not been verified.
Apply this package to upgrade may corrupt the device
Continue at your own risk!
Continue? -y (yes), n (no) y
Installation of Cisco Secure ACS Version: 188.8.131.52
The upgrade... Upgrade process successfully launched
Try to install ACS version 4.1 on software version 184.108.40.206
Impossible to install Acs version 4.1 with software version 220.127.116.11
GBA version 4.1 required software version 18.104.22.168
First install the correct version of the software of the device
Failed to upgrade to Cisco Secure ACS to 22.214.171.124
Currently, our unit of ACS is the following:
Cisco Secure ACS 126.96.36.199
ACS - 4.0.144 - EnablePassword -CSCsh32888 fix (patch: 188.8.131.52 Thursday, November 22, 2007 19:51:37.95)
The 184.108.40.206 application management software
Base Unit 220.127.116.11 image
CSA build 18.104.22.1683.2 (Patch: 4_0_1_543)
That would welcome suggestions.
The upgrade package consists of 2 - files that is the management software and ACS software. You must first upgrade management and then continue the ACS software.
The instructions are attached. I would like to know how it works.
I have a few questions about the migration of a Windows ACS server.
Currently we are running on ACS 4.1 / output 4.1 Build 23 (1)
We have a contract of active support for the ACS 4.1 (CSACS - 4.1 - WIN - K9).
Now, we want to switch to ACS 4.2 but it with some remarks.
(1) we need to upgrade our contract to CSACS - 4.2 - WIN - K9?
(2) if we have improved the contract can we download the new software ACS 4.2 of the CEC or do we need to buy the CD?
(3) we want to install the ACS 4.2 with all latest patches on a new server, so, too, that this will be a new IP address.
(4) do we need copy all data from ACS 4.1 to 4.2 this thanks to a restoration or a database sync of ACS 4.1?
(5) by using an eval for ACS 4.2 and the upgrade version then licensed 4.2 ACS needs an eval version uninstall? I read this on the discussion on: https://supportforums.cisco.com/thread/1002944?tstart=900
For point 4), I found that we first have to ACS22.214.171.124 before progressing on the path ACS4.2.X is that correct?
If anyone can answer this question, it would be great.
(1) there is no need to upgrade your contract, you are entitled to GBA 4.2 If you have a valid contract for ACS 4.1.
(2) you will need to open a TAC case and get the software published for you, you don't need to buy anything.
(3) that is fine, install a new copy of ACS 126.96.36.199 and then import your 4.1 backup base. After that, you can improve the new 188.8.131.52 ACS ACS patch 3. 184.108.40.206 ACS patch and 220.127.116.11.3 ACS are available on cisco.com here:
(4) No., you can restore a 18.104.22.168 database in 22.214.171.124.
(5) as you want to go with a new installation and upgrade of the database I want to uninstall the Eval before installing 126.96.36.199.
I know that the two platforms/versions are dinosaurs and we should be upgraded to something more recent like ACS 5.x. However, I am consultant and is not part of the decision to make this migration. I've just loaded to run. The customer going to ISE and purchased in one of their regions. However, this specific pair of ACS servers provide services GANYMEDE + then they will be around for some time.
I'm contemplating how to for migration. There are about 30 local users and more than 2000 devices. There is integration of ads through a pair of remote agents. We want to entry a sweet/new configuration as opposed to a full backup and restore so cleaning may occur on the current arrangements of 8-10 years. So, the best-case scenario is that I have set up new devices (v4.2.1) by hand and import users and network devices.
If I wanted to do, how I'd go to export only the devices and users from the 3.3.2 engine solution?
I thought to reproduce the current 3.3.2 install on a v3.3.2 to install windows then upgrading the windows temp install to 4.2.1 and replication only users and groups to the 4.2.1 new platform but I have access to old media.
Any ideas would be appreciated. Thank you.
The best would be to install v3.3.2, reproduce the configuration and it 188.8.131.52 in path/procedure to upgrade next since you do not have access to OLD media. You can import users and devices using the RDBMS feature.
To export devices network of ACS 3.3.2 engine solution. Go to network setup > Search > maintains the search that is default parameter to search the entire. Press search. There will be a 'Download' option that will appear in the left corner of the search results. Click on save this list.
This list will include,
-Name NDG (if applicable)
NOTE: This will not contain customer AAA Shared Secret keys have
Once the devices are exported, you can import this file to ACS for windows.
You may not be able to export the ACS SE users. You may need to manually create with the new passwords.
Is it possible to set up a favorite report and share with all all the directors of the ACS?
You can add reports in the Shared folder to make them available to all admins. To add reports in the shared folder:
Choose any report that you want to share.
For example, if you want to share the summary report of health ACS, you would choose followed and reports > reports > catalogue > ACS Instance.
ACS Instance reports page appears > run report.
In this example, the ACS health synthesis report is displayed.
Launching the report in the Interactive Viewer.
Click the back to the upper-left corner of the page viewer Interactive.
The backup window appears.
Choose the Shared folder in a folder list box choose it.
Enter a file name of your choice.
The report is saved in your shared folder and is available to all users.
Note the common reports that were created in older versions of the ACS don't work after upgrade you an earlier version of ACS ACS 5.4 or install a new version of ACS 5.4. Therefore, you must delete the existing shared reports and add them to the point 5.4 ACS.
-Does the rate of useful messages-
I have a requirement to improve my 3.3 to 184.108.40.206 ACS database, because I need to use this database on our acs device that is running 220.127.116.11. I saved 3.3 acs database, I have try to install acs 3.3 Server stand alone and upgrade to 3.3.4 then 18.104.22.168 back to the top and upgrade to 22.214.171.124 and upgrade to 126.96.36.199.
I have an account valid ORC, but I don't see acs software to 3.3 on download software, could any please help me link download acs 3.3 on cisco download software.
Old acs 3.3 Simialry a network group of about 2000-3000 network devices database, these is database upgrade requires any valid for each acs upgrade license key, otherwise all the software with the base line will do this.
Please post link to this all of the software download (3.3.0, 3.3.4 188.8.131.52), thank you
for software, you will need to open a TAC case. There is no license keys for ACS ACS 4.2 3.3.
I hope this helps.
P.S.: Please mark this thread as answered if you feel that your query is resolved. Note the useful messages.
I have a few question about license during the upgrade to a 5.3 x ACS.
(1) when the 184.108.40.206.1-> 220.127.116.11 upgrade would require you update license (I guess not because he is minor update)
(2) classes of 5.3.x to 5.4.x would require you update license (I guess not since it is minor update too)
(3) what is the process of the application of the licence, it is during the installation or after installation (I guess that point 1 & 2 is not necessary)
kindly advice if I am wrong here
Thanks in advance
You can use the same license. But if you need to recreate the image then you will be asked to provide the same license again.
Rating of useful answers is more useful to say "thank you".
I try ACS 18.104.22.168 update to the new version 22.214.171.124. Everything looks ok:
ACS-machine / acsadmin # application upgrade ACS_126.96.36.199.tar.gz rep01
You want to save the current configuration? (yes/no) [Yes]?
Save the configuration running at startup
Application of % CARS installation required post installation reboot...
Broadcast from root (pts/0) message (Thu Dec 6 23:36:41 2012):
The system is down for reboot NOW!
Successful application update
But the ACS (vmware instance) machine cannot be started with this result: Volume group 'smosvg' not found. (see attachment for details)
Have you installed patch 8 on the 188.8.131.52 before moving to 5.4?
Maybe you run in CSCuc93106...
I would like to upgrade our current ACS NT Terminalserver edition server to a Win2000 server. Since this upgrade requires a fresh installation (since a direct upgrade from NT 4 TS to w2k is not the best thing to do). My question is, do I have to do to ensure that I can keep my user database active? Is replication the answer? And replication will make a copy of all the different users/groups/routers etc etc. In other words, I'll be able to do this upgrade without too much trouble?
I speak here of a replication of the database, do not configure replication between servers ACS.
Here is the doc that will help you to do this
Can I upgrade my 184.108.40.206.3 to 220.127.116.11.1 ACS servers without applying the 18.104.22.168.4 patch?
It is always advisable to upgrade to the latest patch before moving on to the next version.
Therefore, it would be advisable to install the patch 4 and then go to 5.7.
Please evaluate the useful messages.
Can someone tell me how to upgrade ACS from 5.3 to 5.6. We need to install the patches available, or we can do it directly.
Please see the Upgrade Guide.
Let me know if you have any other doubts.
JAI Ganesh K
I have a Cisco ACS 3.3 running on a win2k platform server and I need to upgrade to ACS4.0 on win2k.
-3.3 backup and restoring files on web interface 4.0 does not work;
-the same operation using csutils.exe works not (csutil b [...], then csutil - r [...])
-J' installed the new machine with ACS3.3, I imported the data/group/user with csutil, then I installed ACS 4.0 using setup.exe. The result is that the ACS services will not start
Anyone know what I need to do?
-3.3 backup and restoring files on web interface 4.0 do not work.
* It won't work, because in ACS we can back up and restore the database among same versions only of the ACS, also applies to replication.
-the same operation using csutils.exe works not (csutil b [...], then csutil - r [...])
* Answer will be the same as above.
-J' installed the new machine with ACS3.3, I imported the data/group/user with csutil, then I installed ACS 4.0 using setup.exe. The result is that the ACS services do not start.
* Normal this is if you hit a bug, that when we try to upgrade a database of ACS 3.3 (x) xx of ACS 4.0 build we have leak customer spaces AAA and/or servers writing AAA in databaae, and that can cause a problem. But we cannot not be hitting this bug.
How to upgrade:
 make sure we follow the path correct upgradation and supported:
 then follow following steps upgrade:
Summarizing link above, just run installation of ACS 4.0 on an existing installation of ACS 3.3, and the installation program will ask itself, to save the previous configuration, select Yes at this time.
Let me know if it helps. Please rate if this helps.
I have problems updating my primary ACS since version 3.3-> 4.0
I always get the following error message, then it does the upgrade:
"The record of the CiscoSecure ACS seems to be blocked by another application: C:\Program Files\CiscoSecure ACS v3.3.
Please close all applications... blabla... »
The thing is, I have improved my ACS backup first, and this upgrade worked like a charm.
In both cases, both for the primary and backup I do a takeover with Dameware remote, copied the ACS 4 folder on the hard disk of the server and make the upgrade of this folder.
As I said, the upgrade of backup server worked without a hitch.
That's what I tried:
1. I checked that NO application use the 3.3 ACS file and no Explorer window is open on this folder or subfolders.
I checked using a small program called Filemon.exe from Sysinternals. According to this program, anything accessed said folder.
I also checked it again by renaming actually ACS 3.3 file once I stop all services of the ACS. I could not rename the folder if the services have been started.
2. I tried to stop the ACS services first and then make the configuration, got the same error.
3. I have disabled the antivirus software, got the same error.
Basically I am at my wits end now...
However, I have two options:
1. uninstall ACS 3.3, do a clean install of ACS 4.0 and import the data of all the GBA backup.
Who would not raise by the primary association with the ACS configuration backup? So I think I will need to go on it later and make changes, if necessary?
2 make a backup of the ACS 3.3 with csutil b
Uninstall ACS 3.3, do a clean install of ACS 4.0 and import all the data with csutil - r
Would this work? I've seen conflicting information here in this forum, some say that it works, the other say it's not.
I'm a little confused why it worked so well the GBA backup but fails on the primary ACS.
Any help would be greatly appreciated!
Folder lock message often appears if newspapers located in the directory of the ACS are too big.
Move the logs of the following directories: -.
Then try to upgrade.
By opting for the ACS 3.2, all my settings and the securities will remain the same? If this isn't the case, I have a router connected to the server and I will get locked. I heard there is a specific order for the removal of the lines to avoid of locking me. Is this true?
You will need to select the option "Yes, import the existing configuration", while improving the ACS software. Information on the upgrade of Cisco ACS software Preserving Configuration found in the documentation to
Maybe you are looking for
I just tried to use facetime and imessage for the first time to communicate with my children I found both works find for my son, but when I try to send my daughter a message it says its ID is not registered - same facetime doesn't work I checked in t
IM pretty bad at this naked language with me. I have a table 1 d of eight values and another 1 d array of lets say 800 values. I would like to remove the first element in the first table in the first 100 items in the second table, then the second ele
I have a HP Compaq Mini 110 with a BIOS password that prevent the operating system from loading. I tried to unplug the battery CMOS and power battery etc. with no joy, the rest password again. System hault code is: CNU9371G22 If anyone can generate
I just deleted a few folders of my trash that I didn't delete. Is there a way to recover these files? Thank you.
I'm just trying to see if I can move on to more memory on the hard drive of my computer or if I just need to go buy an external hard drive?