configuration management for devices associated with ACS

thetnaing00 · ‎08-03-2007

hi,

i have routers and switches associated with ACS 4.1 and they have two loging one is local and one is from ACS. when i try to archive configuration for those devices, i couldn't get any.i do sync archive but it shows success in result but i go to archive management and click the job id,all devices are in pending state.is there anything to do with ACS for this issue?i check all credential using device center,all snmp string as well as telnet result show OK.i use telnet as the only option for archive management.any idea?thanks for your help.

Joe Clarke · ‎08-04-2007

There may be an issue with daemons not starting up properly. Enable ArchiveMgmt Service debugging under RME > Admin > System Preferences > Loglevel Settings, then re-run your job. When it reports as being complete get the dcmaservice.log and the output of pdshow.

This of course assumes that it is only the devices that are integrated with ACS 4.1. If you have LMS 2.6 integrated with ACS 4.1, that is not supported, and may result in failures.

thetnaing00 · ‎08-06-2007

thanks for your reply but i do "sync archive" and go to archive management>archive management job and it shows success but i look further and i see all the devices are in pending category.my lms 2.6 is not integrated with ACS.when i see the error of archive job,it says "TELNET:no route to device" but i try to telnet the device from my LMS server,i can telnet using the same password and user provided in LMS configuration.i also notice that LMS server hostname is not the same as the hostname in LMS configuration certificate. every time i log in,it says host name mismatch.are the problems of archive management related to this as well?thanks.

Joe Clarke · ‎08-06-2007

It could very well be that someone changed the hostname on your LMS server. I would still like to see the log I requested previously, but I would also like to see the output of "set" from the DOS command line as well as the NMSROOT\MDC\etc\regdaemon.xml file. Note: if the data in the regdaemon.xml file is too sensitive to be shared on a public forum, open a TAC service request with the data I have requested, and they can analyze the problem for you.

mnlatif · ‎08-06-2007

Hi,

We have LMS 2.6 integrated with Secure ACS 4.1 appliance and all seems to be working properly. However based on your comment above "LMS 2.6 integration with 4.1 is not supported" , I am a little concerned since we are at the initial stages of deployment and i want to make sure that this configuration will be recognized by TAC.

From a document on cisco.com (http://www.cisco.com/en/US/products/sw/cscowork/ps2425/products_white_paper0900aecd80613f62.shtml)

It seems that it is a supported config

>>? Cisco Secure ACS 4.0(1) (appliance/software)

Any comments ?

We are running 4.1.1.23 on the ACS appliance.

Thanks,

Naman

thetnaing00 · ‎08-06-2007

hi

according from cisco support,if you want to use ACS version 4.0 you need lms 3.0.so,i never tried that before.in the documentation,the cisco says lms2.6 support up to 3.3.4 of ACS version.we are using ACS appliance too.i read that document and they don't say supporting 4.1 they say 4.0(1).i don't think that is the same version.

Joe Clarke · ‎08-06-2007

ACS 4.0 is supported with LMS 2.6. ACS 4.1 is not.

Joe Clarke · ‎08-06-2007

ACS 4.0(1) is not the same as ACS 4.1(1). ACS 4.1 is NOT supported with LMS 2.6 at this time. If you integrate LMS 2.6 with ACS 4.1, TAC will not help you with any problems. If, however, you move to ACS 4.0(1), you will be supported with LMS 2.6.

If you must have ACS 4.1 support, you should upgrade to LMS 3.0.