ACS Replication Issue

Unanswered Question

Hi,

I recently upgraded to ACS 4.1.4.13.3 and when I try to configure replication I get "Cannot replicate to 'bos2-23-acs-1' - server not responding".

I can ping the IP and hostname listed above. Since we were using IPsec between sites, I also verified that the replication was being sent from the Master over port TCP 2000.

Our setup is as follows. Master in NY, Slave in Boston. The master has a few Replication Components selected that match the slave. Outbound Replication is set as per the schedule on the Master. The Replication Partner is selected from the list on the Master. On the Slave, matching Replication Components are selected. Outbound rep set to manual. The Master is listed as a AAA server (not partner). Inbound Replication is configured to accept replication from the Master with a 15 minute timeout (matches Master).

When I click "Replicate Now" from the Master, I get "Cannot replicate to 'bos2-23-acs-1' - server not responding". I have also tried a reboot and to pull from the slave (no luck).

Any ideas? Thanks!

John

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
somishra Tue, 02/19/2008 - 00:42

Hi John,

Few things to check for replication:

- make sure that the software versions on both the ACS servers are exactly the same

- the replication components selected in the primary server to send should be selected as receive in the secondary server

- in the primary server, Under Partners - the secondary server entry should be under the replication column

- in the secondary server, under partners- there should be no entry under the replication column - the primary server entry should be under AAA servers column

- make sure that the shared secret keys are the same for both the ACS server entries in both the primary and the secondary ACS servers.

somishra

Jagdeep Gambhir Tue, 02/19/2008 - 06:10

Adding more to somishra

1) Make sure that you are not replicating over NAT. Replication over NAT does not work because the IP is used as part of the server authentication

2) Next, check to make sure that you are not sending or receiving the distribution table. On the primary server, the distribution table should not be checked in the send list, and on the secondary, the distribution table should not be checked for receive.

3) Then I would like you to check in the secondary server's partner list, to make sure that the primary is not listed. You should not enter the primary server into the partner list on the secondary server. However, the primary server should have all secondary servers listed in its partner list.

4) Ensure that the secondary server has it's replication scheduling set to "manual".

5) Please verify that your servers are all running exactly the same ACS version and build.

6) Check if we have any firewall in between two acs servers. Incase you do , then please have your firewall checked and reconfigured to disable any inspection on port 2000.

Regards,

~JG

Do rate helpful posts

Jagdeep Gambhir Wed, 02/20/2008 - 08:55

I would suggest to sniff secondary acs port and see if it is getting any traffic from primary acs.

This should help in isolating the issue.

Regards,

~JG

DaturaX88 Sun, 05/04/2008 - 19:34

I am facing the same issues as the Topic Starter. Have you managed to resolve this issue?

Actions

This Discussion