Upgrade to ACS 4.1.4

Unanswered Question
May 13th, 2008


I'm in the process of staging an upgrade from ACS 3.2(3) to 4.1(4.13).

The process to complete the upgrade is ACS 3.2(3) -> 3.3(3) -> 4.1(1) -> 4.1.(4.13).

The upgrade steps 3.2(3) -> 3.3(3) and from 3.3(3) to 4.1(1) work reliably, but I am seeing issues when applying 4.1(4.13) in that during the part of the installation when the previous version of CiscoSecure ACS is being removed, errors relating to rad_mon.dll and tac_mon.dll still being in use are generated, following by a number of errors regarding moving components and creating databases. Sometimes the upgrade is successful and sometimes it fails as described above.

Has anyone else encountered this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.9 (9 ratings)
Jagdeep Gambhir Tue, 05/13/2008 - 05:02

Try stopping all acs services ,then try to upgrade and see if still we get that error.

It seems that some database component on the system are corrupt.

I will suggest you to upgrade your acs database using different system and install 4.1.1 from scratch on your main server. Use clean.exe to uninstall acs.

Once you have 4.1.1 installed, restore your database and then finally upgrade it to 4.1.4.



Do rate helpful posts

mmelbourne Tue, 05/13/2008 - 05:57

OK, I'll try stopping the ACS services before upgrading from 4.1.1 to 4.1.4.

I will take the precaution of backing up the ACS 4.1.1 configuration before attempting to upgrade to 4.1.4. I have used clean.exe to remove a failed 4.1.4 install and then reinstalled 4.1.1. Although the reinstallation did spot that a previous installation hadn't completed, and offered to import the configuration (which presumably had been stored outside of the "CiscoSecure v4.1" Program folder)?

Also, my installation appears to be authenticating users against a Windows 2000 AD without the 'CISCO' Computer Account in AD (referred to in the Post-Installation notes). This installation is running on two Windows 2000 Domain Controllers.

mmelbourne Sun, 05/18/2008 - 10:53

To work around the issues with 4.1.1 to 4.1.4 upgrades, I found the best solution was to not elect to start the ACS services at the end of the 4.1.1 upgrade, and then apply 4.1.4. The other way is to set the services to Manual and reboot before applying the 4.1.4 upgrade as this ensures the rad_mon.dll and tac_mon.dll files are not in use.

I upgraded both Primary and Secondary ACS servers from 3.2.3 to 4.1.4 (Patch 8) and all seemed to work until database replication corrupted the Secondary database (after the second replication) to the point where the CSACS services would fail to start. In the end I removed the 4.1.4 installation on the Secondary, and installed a 'clean' 4.1.4 and replicated the database to that.

shammock Thu, 05/22/2008 - 16:05

Has anyone successfully patched to ACS- from any previous 4.1.4 version? ACS services fail to start when I apply it, so I'm questioning the patch (yes I stopped all ACS services first & even re-downloaded so it's not patch file corruption). I dropped down to ACS- & services run fine.


mmelbourne Fri, 05/23/2008 - 00:29

I did spot CSCsq00294 when performing a bug scrub for an upgrade to 4.1.4. Patch 9 came out just as I was testing the upgrade, so stuck at Patch 8.

ACS services unable to start after upgrade to patch ACS


ACS services not able to start after upgrade to patch


Navigate to ACS_INSTALL_DIR\bin\ from command prompt and execute "CSUpdate.exe -upgrade CSDB\upgrade.dat"



dmitry Sun, 05/25/2008 - 12:51

It looks like after this patch the previously defined NDG causes the CSAdmin service )and others) to fail. Actually the patch was suppose to fix one of the NDG related BUGs. It was too late for me, will try my backups

mmelbourne Tue, 06/03/2008 - 09:22

I see Patch 10 for CSACS has now made it onto CCO. Patch 9 has been pulled.

Bug CSCsq52930 has been identified:

"With NDG, services are failing to start after upgrading to"

Michael Anderson Fri, 06/06/2008 - 11:11

I have some new servers that I need to get from 4.1.1 to 4.1.4(13) Patch 1. The release notes state that 4.1.4 has to be installed prior to installing the 4.1.4(13).x patch. Reviewing this article makes me think this pre-req is NOT required. Now if I can go from 4.1.1 to 4.1.4, what is the recommended stable patch release? And, since 4.1.4(13) Patch 1 is no longer available, will this affect my replication? Or do I need to upgrade my existing ACS servers prior to doing a replication with the new servers?

Jagdeep Gambhir Fri, 06/06/2008 - 11:34

For replication both servers should be exactly on same code/patch.

Your upgrade path would be

4.1.1---->4.1.4----->4.1.4 (patch)

For patch you can go for 5 or 6. I would suggest to check the release notes before you apply it.



Do rate helpful posts

Michael Anderson Fri, 06/06/2008 - 12:21

OK so now comes the stupid question on my part. Where is 4.1.4? All I see are 4.1.4 w/patches.

Jagdeep Gambhir Fri, 06/06/2008 - 12:37

For that you need to open a TAC case. ACS softwares are not listed on CCO.



Do rate helpful posts


This Discussion