Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1171
Views
0
Helpful
3
Replies

Problem with Cisco ACS Replication

ronmarcojr
Level 1
Level 1

‎02-24-2009 12:59 AM - edited ‎03-10-2019 04:21 PM

We recently encountered problems with the database replication of our ACS servers -- Server1 and Server2 (separate location).

The last successful replication was last midnight of 02/22/2009 and started to fail at around 18:17 hours of the same date.

However ICMP (ping) is successful between the two devices.

error is: "Cannot replicate to 'server2' - server not responding.

Can you help me with this?

Thanks!

Labels:
0 Helpful
3 Replies 3

ronmarcojr
Level 1
Level 1

‎02-24-2009 01:36 AM

These are the reports from ACS:

DATE:02/22/2009 - TIME:00:00:05 - STATUS:Info - MESSAGE:Outbound replication cycle starting...

DATE:02/22/2009 - TIME:00:00:29 - STATUS:Info - MESSAGE:Replication to ACS 'PCGAU2001' was successful...

DATE:02/22/2009 - TIME:00:00:29 - STATUS:Info - MESSAGE:Outbound replication cycle completed...

DATE:02/22/2009 - TIME:18:17:17 - STATUS:Warning - MESSAGE:Cannot replicate to 'PCGAU2001' - server not responding...

I need a little help in here please. Thanks. =)

0 Helpful

Roble Mumin
Level 3
Level 3
In response to ronmarcojr

‎02-24-2009 01:22 PM

If you happen to have an ASA, FWSM or PIX between the ACS Servers make sure that the "skinny inspection" is disabled on those firewalls.

I had similar errors after moving the ACS'es behind my FWSM's and it was indeed the skinny inspection from the firewall which messed up my replication.

Both skinny and the database replication use tcp 2000 and therefore the firewall thinks its seeing voice traffic and corrupts your packets. At least that was the problem in my case.

Following info from a doc focusing on ACS replication.

ACS Error - Cannot replicate to - server not responding - This error message appears in the replication report log when Database replication fails.This error is caused when Skinny Inspection is enabled as both Skinny protocol and Database replication in ACS uses same TCP port 2000. In order to resolve the issue, disable Skinny Inspection.

Source:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080742f60.shtml#prs

Hope it helps.

Roble

0 Helpful

ronmarcojr
Level 1
Level 1
In response to Roble Mumin

‎02-24-2009 05:51 PM

Thank you for your suggestion, but we don't have an ASA, only netscreen devices and we're not doing any inspection regarding skinny.. The only thing is before, it's working properly.. We just don't know why we have come up to an ACS Error like this..

Do you have any other way to solve this? Also the possible cause of this error? I'll gladly appreciate your help..

Thanks so much! =)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents