Windows ACS 4.1.23 patch 5 to ACS SE 4.1.23 patch 5 replication

Good day, I'm trying to set up replication between a Windows ACS and an appliance ACS. The Windows ACS will be the master, so the appliance will be the secondary.

I have set up the replication partners, I have verified the shared secrets, I have moved them to the not assigned NDG. When I kick off the replication and check the log file, I get the following error:

07/12/2007 09:17:08 55cntac01 ERROR Inbound database replication from ACS 'ressappcw01' denied

Any help would be great.

Thx

somishra Thu, 07/12/2007 - 05:45

The version of the ACS software must be the same on both servers.

Replication Components -

The components selected for SEND in the primary ACS should be selected under RECEIVE in the secondary ACS.

Replication Partners -

In the Primary ACS, the Secondary server should be under the Replication column, whereas in the Secondary ACS, the primary server should be under the AAA server column.

Hope this helps.

Soumya

parmsing Thu, 07/12/2007 - 05:46

Hi,

Seems like misconfiguration. Please refer to the following link.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080742f60.shtml

There is not much difference between ACS appliance and ACS software. If you have remote agent configured in the appliance, you would face issues with the RA entries; they would be automatically removed after each successful replication because ACS for Windows does not understand what RA is and it would remove that entry from the appliance configuration.

Thanks

Parminder

Jagdeep Gambhir Thu, 07/12/2007 - 05:51

Rich,

1) Make sure that you are not replicating over NAT. Replication over NAT does not work because the IP is used as part of the server authentication.

2) Next, check to make sure that you are not sending or receiving the distribution table. On the primary server, the distribution table should not be checked in the send list, and on the secondary, the distribution table should not be checked for receive.

3) Then I would like you to check in the secondary server's partner list, to make sure that the primary is not listed. You should not enter the primary server into the partner list on the secondary server. However, the primary server should have all secondary servers listed in its partner list.

4) Ensure that the secondary server has its replication scheduling set to "manual".

5) Please verify that your servers are all running exactly the same ACS version and build.

6) Also let me know if we have any firewall in between the two ACS servers.

Regards,

~JG

jwhitepnv Tue, 10/16/2007 - 18:23

I am having an issue replicating from a master server to a standby. I have tried the items listed below. The error I am getting is Cannot replicate to 'edc1blp1dom01' - server not responding. I am able to connect to the server.

Jagdeep Gambhir Wed, 10/17/2007 - 04:40

Is it ACS for Windows or ACS appliance? Do you see any hits on the secondary ACS?

If it is running on ACS for Windows, I would like to know the hardware configuration, especially the number of processors.

Regards,

~JG

jwhitepnv Wed, 10/17/2007 - 04:43

It is ACS on Windows. It is an IBM x346 with dual 3.00GHz procs and 2GB RAM.

Jagdeep Gambhir Wed, 10/17/2007 - 04:48

Can you please get the sniffer from both ACS at the time of replication?

That will let us know where the request is going and what response we get back.

You can use Ethereal software to sniff the ACS traffic.

Also make sure there is no firewall in between the two. If there is, then make sure port 2000 is open.

Regards,

~JG
