TACACS Replication Issue

Unanswered Question
Jul 14th, 2008
User Badges:

Trying to replicate from Master TACACS server to TACACS3 and started gettin this error:

07/14/2008 09:39:52 s0adcciscosec1 WARNING ACS 's0adcciscosec3' not replied to replication request - possibly short timeout or dead ....

Time out is set for 10 mins on AISCISCOSEC3. We have two other servers in replication with the Master and they are working fine.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jagdeep Gambhir Mon, 07/14/2008 - 07:14
User Badges:
  • Red, 2250 points or more

Randy,

Please make sure that replication is setup correctly.


1) Make sure that you are not replicating over NAT. Replication over NAT does not work because the IP is used as part of the server authentication


2) Next, check to make sure that you are not sending or receiving the distribution table. On the primary server, the distribution table should not be checked in the send list, and on the secondary, the distribution table should not be checked for receive.


3) Then I would like you to check in the secondary server's partner list, to make sure that the primary is not listed. You should not enter the primary server into the partner list on the secondary server. However, the primary server should have all secondary servers listed in its partner list.


4) Ensure that the secondary server has it's replication scheduling set to "manual".


5) Please verify that your servers are all running exactly the same ACS version and build.


6) Also let me know if we have any firewall in between two acs servers.



Regards,

~JG


Do rate helpful posts

rice.randy Mon, 07/14/2008 - 09:18
User Badges:

Additional info: from Master (s0adcciscosec1)

07/14/2008 12:57:31 s0adcciscosec1 INFO Replication to ACS 's0adcciscosec2' was successful

07/14/2008 12:56:43 s0adcciscosec1 INFO Replication to ACS 'n0brtciscosec1' was successful

07/14/2008 12:55:59 s0adcciscosec1 INFO Outbound replication cycle starting...

07/14/2008 12:42:15 s0adcciscosec1 INFO Replication to ACS 's0adcciscosec2' was successful

07/14/2008 12:41:19 s0adcciscosec1 INFO Replication to ACS 'n0brtciscosec1' was successful

07/14/2008 12:39:39 s0adcciscosec1 INFO Outbound replication cycle starting...

07/14/2008 11:40:50 s0adcciscosec1 INFO Outbound EAP-FAST Master Key replication cycle completed

07/14/2008 11:40:50 s0adcciscosec1 WARNING Cannot replicate to 's0adcciscosec3' - server not responding

07/14/2008 11:40:35 s0adcciscosec1 INFO Replication to ACS 's0adcciscosec2' was successful

07/14/2008 11:40:12 s0adcciscosec1 INFO Replication to ACS 'n0brtciscosec1' was successful

07/14/2008 11:39:45 s0adcciscosec1 INFO Outbound EAP-FAST Master Key replication cycle starting...

07/14/2008 11:25:05 s0adcciscosec1 INFO Replication to ACS 's0adcciscosec2' was successful

07/14/2008 11:24:19 s0adcciscosec1 INFO Replication to ACS 'n0brtciscosec1' was successful

07/14/2008 11:23:38 s0adcciscosec1 WARNING ACS 's0adcciscosec3' not replied to replication request - possibly short timeout or dead

07/14/2008 11:23:27 s0adcciscosec1 INFO Outbound replication cycle starting...


AdditionalInfo from Secondary (s0adcciscosec3)

07/14/2008 12:57:30 s0adcciscosec3 INFO Inbound database replication from ACS 's0adcciscosec1' started

07/14/2008 12:42:16 s0adcciscosec3 INFO Inbound database replication from ACS 's0adcciscosec1' started




In response to you prev post:

1. No NAT being used.

2. Unchecked the Distribution List boxes on both servers(Primary and Secondary), still failed.

3.Running same versions:

Master: Release 4.1(1) Build 23 Patch 4

Secondary :Release 4.1(1) Build 23 Patch 4

4. No firewalls

rice.randy Tue, 07/15/2008 - 05:39
User Badges:

4) Ensure that the secondary server has it's replication scheduling set to "manual".


The secondary is set to manual replication



6) Also let me know if we have any firewall in between two acs servers.


No firewalls between servers

Jagdeep Gambhir Tue, 07/15/2008 - 06:37
User Badges:
  • Red, 2250 points or more

Rice,

Okay, then that must be running on multiple processors.


Please note that replication will not work incase your server is running on more then two processors.


Please check this bug id CSCsk12033


Regards,

~JG


Do rate helpful posts

rice.randy Wed, 07/16/2008 - 09:11
User Badges:

s0adcciscosec1 (Primary Server) Release 4.1(1) Build 23 Patch 4


s0adcciscosec3 (Secondary) Release 4.1(1) Build 23 Patch 4


Primary Server

Windows 2003 Server SP1


Secondary Server

Windows 2003 Server SP2


No changes or modifications that I know of.

rice.randy Wed, 07/16/2008 - 09:17
User Badges:

We have two other Secondary Servers that are replicating fine and They are Windows 2003 Server SP1


Jagdeep Gambhir Wed, 07/16/2008 - 10:36
User Badges:
  • Red, 2250 points or more

Randy,

SP is not a issue. How many processors we have on non working acs. You can check it by Start--->Run--->msinfo32 ..


This file will show the no. of processors. If this is more then two, then we are hitting that bug.



Regards,

~JG

siva_mps Wed, 01/21/2009 - 01:44
User Badges:

I have the same problem but i am using ACS V3.3. There is site to site VPN tunnel configured using ASA between the ACS.

Actions

This Discussion