cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1287
Views
44
Helpful
15
Replies

Upgrade to ACS 4.1.4

mmelbourne
Level 5
Level 5

Hi,

I'm in the process of staging an upgrade from ACS 3.2(3) to 4.1(4.13).

The process to complete the upgrade is ACS 3.2(3) -> 3.3(3) -> 4.1(1) -> 4.1.(4.13).

The upgrade steps 3.2(3) -> 3.3(3) and from 3.3(3) to 4.1(1) work reliably, but I am seeing issues when applying 4.1(4.13) in that during the part of the installation when the previous version of CiscoSecure ACS is being removed, errors relating to rad_mon.dll and tac_mon.dll still being in use are generated, following by a number of errors regarding moving components and creating databases. Sometimes the upgrade is successful and sometimes it fails as described above.

Has anyone else encountered this?

15 Replies 15

Jagdeep Gambhir
Level 10
Level 10

Try stopping all acs services ,then try to upgrade and see if still we get that error.

It seems that some database component on the system are corrupt.

I will suggest you to upgrade your acs database using different system and install 4.1.1 from scratch on your main server. Use clean.exe to uninstall acs.

Once you have 4.1.1 installed, restore your database and then finally upgrade it to 4.1.4.

Regards,

~JG

Do rate helpful posts

OK, I'll try stopping the ACS services before upgrading from 4.1.1 to 4.1.4.

I will take the precaution of backing up the ACS 4.1.1 configuration before attempting to upgrade to 4.1.4. I have used clean.exe to remove a failed 4.1.4 install and then reinstalled 4.1.1. Although the reinstallation did spot that a previous installation hadn't completed, and offered to import the configuration (which presumably had been stored outside of the "CiscoSecure v4.1" Program folder)?

Also, my installation appears to be authenticating users against a Windows 2000 AD without the 'CISCO' Computer Account in AD (referred to in the Post-Installation notes). This installation is running on two Windows 2000 Domain Controllers.

To work around the issues with 4.1.1 to 4.1.4 upgrades, I found the best solution was to not elect to start the ACS services at the end of the 4.1.1 upgrade, and then apply 4.1.4. The other way is to set the services to Manual and reboot before applying the 4.1.4 upgrade as this ensures the rad_mon.dll and tac_mon.dll files are not in use.

I upgraded both Primary and Secondary ACS servers from 3.2.3 to 4.1.4 (Patch 8) and all seemed to work until database replication corrupted the Secondary database (after the second replication) to the point where the CSACS services would fail to start. In the end I removed the 4.1.4 installation on the Secondary, and installed a 'clean' 4.1.4 and replicated the database to that.

Has anyone successfully patched to ACS-4.1.4.13.9 from any previous 4.1.4 version? ACS services fail to start when I apply it, so I'm questioning the patch (yes I stopped all ACS services first & even re-downloaded so it's not patch file corruption). I dropped down to ACS-4.1.4.13.8 & services run fine.

TIA

I did spot CSCsq00294 when performing a bug scrub for an upgrade to 4.1.4. Patch 9 came out just as I was testing the upgrade, so stuck at Patch 8.

ACS services unable to start after upgrade to patch ACS 4.1.4.13.9

Symptom:

ACS services not able to start after upgrade to patch 4.1.4.13.9

Conditions:

Navigate to ACS_INSTALL_DIR\bin\ from command prompt and execute "CSUpdate.exe -upgrade CSDB\upgrade.dat"

Workaround:

None

Please don't go for patch 9. There seems to be some issues with it.

Regards,

~JG

mmelbourne & JG - Thanks for confirming.

Regards,

S.H.

It looks like after this patch the previously defined NDG causes the CSAdmin service )and others) to fail. Actually the patch was suppose to fix one of the NDG related BUGs. It was too late for me, will try my backups

I see Patch 10 for CSACS 4.1.4.13 has now made it onto CCO. Patch 9 has been pulled.

Bug CSCsq52930 has been identified:

"With NDG, services are failing to start after upgrading to 4.1.4.13.9"

I would suggest to wait for a day or two before you install patch 10.

I have some new servers that I need to get from 4.1.1 to 4.1.4(13) Patch 1. The release notes state that 4.1.4 has to be installed prior to installing the 4.1.4(13).x patch. Reviewing this article makes me think this pre-req is NOT required. Now if I can go from 4.1.1 to 4.1.4, what is the recommended stable patch release? And, since 4.1.4(13) Patch 1 is no longer available, will this affect my replication? Or do I need to upgrade my existing ACS servers prior to doing a replication with the new servers?

For replication both servers should be exactly on same code/patch.

Your upgrade path would be

4.1.1---->4.1.4----->4.1.4 (patch)

For patch you can go for 5 or 6. I would suggest to check the release notes before you apply it.

Regards,

~JG

Do rate helpful posts

OK so now comes the stupid question on my part. Where is 4.1.4? All I see are 4.1.4 w/patches.

For that you need to open a TAC case. ACS softwares are not listed on CCO.

Regards,

~JG

Do rate helpful posts

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: