cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1109
Views
0
Helpful
25
Replies

ACS SE Upgraed from 3.3.3 to 4.

andrew.brazier
Level 4
Level 4

I'm planning the above on an SE 1112. I believe I've figured out the correct process from documentation but are there any gotchas anyone can warn me of?

25 Replies 25

Vivek Santuka
Cisco Employee
Cisco Employee

Hi,

I would strongly suggest keeping a backup from ACS 3.3.3 before starting to upgrade.

Regards,

Vivek

Absolutely! : ) Anything else you can think of? Pitfalls not mentioned in the documentation?

Well, there are couple of bugs which we can hit but nothing as such to prevent them. Once we hit it , we solve it.

Regards,

Vivek

"Well, there are couple of bugs which we can hit"

Such as?!

Please read the Release Notes for Cisco Secure ACS Solution Engine 4.0 to know about known issues.

http://www.cisco.com/en/US/products/sw/secursw/ps5338/prod_release_note09186a008068ddbd.html

g-hopkinson
Level 1
Level 1

Andrew, have you done your upgrade yet. We are trying to upgrade a 1112 to 4.1.1.23 using the recovery disk. No luck so far SE hangs after we have put in the initial configuration and rebooted it. We have found out that the host name has limited character length, also DNS seems to cause a issue, this gets us past the hanging, but leads to authentication processing issues.

If we use the 3.3.3 recovery disk again its ok. Thanks.

Haven't done it yet. Need to schedule downtime with our customer, probably next couple of weeks.

The version we have on our recovery CD is 4.0.1.42, a little older than yours. Hope it works better!

Once I've done it (or not) I'll post here.

ACS 3.3.3 to 4.1 Upgrade

The ACS SE 3.3.3 to 4.1 upgrade package includes the ACS SE 3.3.3 Upgrade CD. Use this CD to upgrade ACS 3.3.3 running on the Cisco 1111 platform or the Cisco 1112 platform to ACS 4.1.

Please make sure that the recovery cd you have is intended for the same ACS appliance hardware platform.

http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_installation_guide_chapter09186a008070c5b8.html

Hi,

Please ensure that you are using NIC1 when you reimage with 4.x.

4.x is sensetive about NIC2 :)

Regards,

Vivek

Hi,

Thanks for the reply.

Our 1112 started life on 3.3.3, so we then applied the 3.3.3 to 4.1 upgrade which worked fine and allowed us the archive the database. We then used the 1112 recovery CD to restore the SE. This failed.

The recovery CD was supplied by TAC, ie published to us on CCO, we then create a image from 3 files suuplied. TAC have confirmed that its the correct software.

We are at a loss, as 3.3.3 works ok.

Thanks.

Hi,

Couple of things we need to ensure :-

1. No Keyboard/Monitor/Mouse attached to appliance

2. NIC 0 is used

Regards,

Vivek

Thanks for the reply.

We have a TAC case open on this now.

This 1112 will not upgrade to any version of 4.x.

We have managed to get through some of the original hurdles by making sure the host name is 15 characters or less and when standalone the DNS servers are not specified.

When re-imaged with 4.1 and 4.0 the 1112 trys to act as a proxy authenticator due to a rogue 169.x.x.x address being configured in its DB, along with its true address. TAC have given us a work around to remove the 169 address however when powered down and rebooted the 1112 looses its IP setings. Re-image with 4.0, same thing happens but it does not loose its IP settings.

I think have to get the unit replaced.

Thanks to all for your contributions, a couple of useful points in there : ) We've scheduled the upgrade with our customer for the 19th March. Watch this space.....

Andrew, Make sure you do a backup and have a working copy of the 3.3.3 recovery disk.

Our 1112 still failed to upgrade to 4.0.

I will update this as we are going to swap out the unit.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: