ACS upgrad question

Answered Question
Feb 2nd, 2009

I am getting ready to upgrade two ACS servers and I have a couple of questions. Both servers are running 4.0.27 and I am going to take them to the latest revision. I have all the files and the proper patches that are needed based on all I read in the release notes. My questions are:

1. As long as I leave one ACS running, is it a problem to down the other for upgrade?

2. Will all current server certificates that are installed stay or will they need to be re-applied after the upgrade?

3. Current certificate is issued by an IAS server and is going to expire soon. What is the procedure for me to apply the new certificate?

Thanx, Seth

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Ivan Martinon Mon, 02/02/2009 - 17:54

Hi Seth, Before applying any upgrade to yoru boxes make sure you save a backup of your configuration with the backup feature of ACS.

1. If you leave one ACS running you can make the upgrade of the other device without having issues, make sure you point all of your NAS (routers switches and so) to the active ACS.

2. All the system settings will remain on the box regardless of the upgrade, so certificates should stay.

3. You will need to regenerate a re enrollment request to your IAS before your Cert expires since you need to have the ACS generate the private key.

srosenthal Tue, 02/03/2009 - 05:16

Thank you for the information.

Are you or anybody else able to provide more information on the last item? Do I get the ACS to do a re-enrollment request? Does the private key generate by itself once I get the cert?


srosenthal Wed, 02/04/2009 - 08:13

I am trying to do the upgrade and am running into a problem. When I try to extract the zip file as instructed in the readme notes I get a message asking me to provide a password to overwrite the files.

Any idea what the password is?


srosenthal Wed, 02/04/2009 - 08:47

Well, here is another bump in the road. It seems that our backup ACS server is actually down. Not sure why, but we found this out after we downed the primary ACS server. I cannot get the ACS service started for some reason.

My question is this, if I remove the ACS software, do a re-install of the same version. Get the basic configs into it and then do a database replication from the primary. Will the database replication also replicate certificates that have been installed?



This Discussion