Database replication errors - between two appliance

Unanswered Question
Mar 8th, 2007

I have two Secure ACS appliances - a primary and a secondary. The secondary is behind the firewall and so we have the IP addresses NAT'ed. I can get to the sec appliance via the NAT'ed IP address, but the primary server says it does not see it. Below is the error message I am getting:

Inbound database replication from ACS 'Primary' denied - shared secret mismatch

I did read through the earlier conversation, but it does not solve the issues I am having with the replication.

Please help.

Vivek Santuka Thu, 03/08/2007 - 08:10


Usually "shared secret" mismatch means the primary's self key and the primary's key on secondary server do not match.

I would like to point out that replication is not supported with NAT.



wordworship Thu, 03/08/2007 - 08:53

It's worked before. The keys do match.

Below is the link that the TAC engineer sent to me:

Vivek Santuka Fri, 03/09/2007 - 05:14


No link in the above post.

But if you are using ACS 4, then please check the keys of the NDG and try moving the AAA Server entry to a different NDG.



wordworship Fri, 03/09/2007 - 10:41


Thanks for your response.

Oops. Sorry about that. Below is the link I was given:

I am currently running CiscoSecure ACS v3.3 on the Appliance.

Also, below is the line from the log of a successful replication. Nothing has changed since then.

Inbound database replication from ACS 'notacs01' completed

Vivek Santuka Sat, 03/10/2007 - 05:51


We need to look at Auth.log for events around the replication.

As I said before, you should try re-entering the secret keys again before looking at logs.



