Help with Upgrade

Unanswered Question
Jul 28th, 2007

I was wondering if someone can help me with upgrading my ACS Appliance. It came with 4.0 on it and I want to go to 4.1. I've gotten it to this point:

Cisco Secure ACS: 4.1.3.12

Appliance Management Software: 4.1.3.12

Appliance Base Image: 4.0.1.2

CSA build 4.0.1.543.2: (Patch: 4_0_1_543)

Microsoft Security Bulletin MS06-35,36 and MS06-040,41,51: (Patch: 1_0_0)

Status: Appliance is functioning properly

Seems like the base imagine should also be at 4.1. What am I missing?

TIA!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.7 (4 ratings)
Loading.
Premdeep Banga Sun, 07/29/2007 - 05:09

Hi,

Your Appliance is successfully upgraded to version 4.1.3.12.

Because both Appliance Management Software & Cisco Secure ACS are upgraded to version 4.1.3.12.

Appliance Base Image is optional. And this can only be upgraded by re-imaging the ACS SE using

ACS SE 111x 4.1.1.23 CD.

Base Image contains additional Microsoft patches, and some upgrade to other components like SNMP etc.

Correct procedure to upgrade Base Image, *IF* you want to, would be to,

[1] Take a backup of upgraded database.

[2] Re-image ACS SE using ACS SE 111x 4.1.1.23 recovery CD

[3] Then apply upgrade 4.1.3.12 on 4.1.1.23

[4] Once upgraded, restore the database backup that you took in the first step.

You can get appropriate recovery Cd from by contacting TAC.

Following are the only components introduced in new base image after the one you have,

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs41/rnotes/rnacs41.htm#wp117792

But as per instructions in following link, you are good to go,

Performing a Full Upgrade From ACS SE 4.0.1 to ACS SE 4.1:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csapp41/igse41/upgap.htm#wp1111375

Regards,

Prem

dbrisson Sun, 08/05/2007 - 19:23

Prem,

Thanks very much for your message regarding my upgrade.

I have tried loading the patch that you referenced above but I am unsuccessful. When I run "upgrade" from the cli, I get the following:

(8/6/2007 12:23:55 AM) Attempting to stop all the ACS Services

(8/6/2007 12:23:55 AM) Attempting to stop the service CSAdmin

(8/6/2007 12:23:55 AM) Successfully stopped the service CSAdmin

(8/6/2007 12:23:55 AM) Attempting to stop the service CSAuth

(8/6/2007 12:23:55 AM) Successfully stopped the service CSAuth

(8/6/2007 12:23:55 AM) Attempting to stop the service CSDbSync

(8/6/2007 12:23:55 AM) Successfully stopped the service CSDbSync

(8/6/2007 12:23:55 AM) Attempting to stop the service CSLog

(8/6/2007 12:23:55 AM) Successfully stopped the service CSLog

(8/6/2007 12:23:55 AM) Attempting to stop the service CSMon

(8/6/2007 12:23:55 AM) Successfully stopped the service CSMon

(8/6/2007 12:23:55 AM) Attempting to stop the service CSRadius

(8/6/2007 12:23:55 AM) Successfully stopped the service CSRadius

(8/6/2007 12:23:55 AM) Attempting to stop the service CSTacacs

(8/6/2007 12:23:55 AM) Successfully stopped the service CSTacacs

(8/6/2007 12:23:55 AM) Attempting to backup the current registry

(8/6/2007 12:23:55 AM) Attempting to install the patch files

(8/6/2007 12:23:55 AM) Attempting to backup the file D:\Program Files\CiscoSecur

e ACS v4.1\bin\CSAdmin.exe

(8/6/2007 12:23:55 AM) !!!!!!! Failed to install patch files !!!!!!!

Failed to upgrade Acs 4.1.3.12.2 to Patch: 4.1.3.12.2 Thu 07/06/2007 10:56:51.3

5

acs>

Do you have any suggestions? I need to get this patch in place so I can get the Windows Remote Agent working.

Thanks!

Dan

Premdeep Banga Mon, 08/06/2007 - 03:48

Hi Dan,

Can you please share the result of "show" from console OR information from System Configuration > Appliance Upgrade Status, page?

Because this is the statement that I am little confused about,

"Failed to upgrade Acs 4.1.3.12.2 to Patch: 4.1.3.12.2?"

I suspect if patch is already applied...

Regards,

Prem

dbrisson Mon, 08/06/2007 - 18:16

Prem,

Here is the output from the show command:

acs> show

Cisco Secure ACS: 4.1.3.12

CSA build 4.0.1.543.2: (Patch: 4_0_1_543)

Time Zone: (GMT-05:00) Eastern Time (US & Canada)

CSA build 4.0.1.543.2: (Patch: 4_0_1_543)

Microsoft Security Bulletin MS06-35,36 and MS06-040,41,5

Cisco Secure ACS: 4.1.3.12

CSA build 4.0.1.543.2: (Patch: 4_0_1_543)

Time Zone: (GMT-05:00) Eastern Time (US & Canada)

As you'll see, it doesn't show the patch is applied, unless I am missing something.

Thanks!

Dan

dbrisson Mon, 08/06/2007 - 18:17

Sorry about that last post...the output from my terminal program went a little haywire. I think it has what you need to see though. If not, certainly let me know.

Thanks!

Dan

Premdeep Banga Tue, 08/07/2007 - 04:07

Hi Dan,

Though the show output does not show Management version detail. But I think that is also at 4.1.3.12.

Not sure what exact step you have followed. just to clarify.

Please see the attached PDF file for application of patch from GUI, and try that.

And application of patch from CLI should be,

- Run autorun.bat

- download

- System Configuration > Appliance Upgrade Status > Apply upgrade...

Regards,

Prem

alfred.lam Fri, 12/21/2007 - 03:16

How about the situation if the web gui is not accessible? How can I upgrade the patches?

I found that the CSAdmin.exe is missing on the appliance.

Please advise, and any suggestion?

Thanks, Alfred

Actions

This Discussion