Replication not working

Unanswered Question
Mar 17th, 2009

We had an issue where the logs on the primary ACS server state "03/17/2009 18:36:07 jones WARNING Cannot replicate to 'barnaby' - server not responding", where jones is the primary and barnaby is the secondary. We have recycled power to both, stopped and started services, but yet nothing seems to work. We have put a laptop in the same VLAN as the secondary (on the same switch as well) and can ping a device in the same VLAN on the same switch as the primary. Both devices seem to function as far as our Unknown User Policy and external authentication and authorization, but we need replication to work.


Any ideas?


Thanks


Dwane

sahmedshahcsd Wed, 03/18/2009 - 00:29

Verify the following configurations on both primary and secondary ACS


On Primary ACS


1. Verify the Send box is selected for the appropriate replication components to be replicated to the Secondary ACS


2. Verify Secondary ACS server is selected in Replication box under Partner


3. Verify Secondary ACS server is selected in Accept replication from box under Inbound Replication


On Secondary ACS


1. Verify the Receive box is selected for the same replication components from primary ACS


2. Verify Primary ACS server is selected in Accept replication from box under Inbound Replication


Note: Make sure the replication process is initiated on Primary ACS by clicking the "Replicate Now" on Primary ACS server.


HTH

dpatkins Wed, 03/18/2009 - 06:27

Does the secondary server need to have the primary listed in its network devices? If so, that is an issue. However, I do have the secondary server set to replicate from any known ACS server on the Inbound Replication.


All others are correct.


Thanks

Jagdeep Gambhir Wed, 03/18/2009 - 06:40

Hi Dwane,


1) Make sure that you are not replicating over NAT. Replication over NAT does not work because the IP is used as part of the server authentication.


2) Next, check to make sure that you are not sending or receiving the distribution table. On the primary server, the distribution table should not be checked in the send list, and on the secondary, the distribution table should not be checked for receive.


3) Then I would like you to check in the secondary server's partner list, to make sure that the primary is not listed. You should not enter the primary server into the partner list on the secondary server. However, the primary server should have all secondary servers listed in its partner list.


4) Ensure that the secondary server has its replication scheduling set to "manual".


5) Please verify that your servers are all running exactly the same ACS version and build.


6) Also let me know if we have any firewall in between the two ACS servers.


Regards,

~JG


Do rate helpful posts


dpatkins Wed, 03/18/2009 - 07:07

I appreciate the quick response.


1.) Not replicating over NAT.

2.) Distribution table was unchecked in both.

3.) Primary is not listed in the secondary at all and secondary is checked as partner in primary.

4.) Has been set to "manually".

5.) Re-installed them with the same CD.

6.) No firewall.


Dwane


Jagdeep Gambhir Wed, 03/18/2009 - 07:40

On the secondary ACS you should have the primary listed under AAA servers.


ACS ---> System configuration ---> Replication settings ---> AAA servers "Primary should be listed"


Regards,

~JG


Do rate helpful posts

dpatkins Wed, 03/18/2009 - 11:52

Afternoon all.


I spoke with Cisco TAC about this incident and it appears that if the ACS SE appliance disables or enables the NIC, it creates a loopback address. Both primary and backup had loopback, 127.0.0.1 addresses in their network devices.


The link that explains it is:


http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&from=myNotification&bugId=CSCso39795


and the fix is obviously to remove the loopback addresses. While that is fine and easy on a Windows-based system, it does not work so well on an appliance. Had to back up the device, the TAC person removed the loopback, then had to restore just the system data.


Replication is up and running fine now.


The patch is Acs-4.2.0.124.9. You would need to patch both Appliance and ACS agent if you have it.


Thanks to all for their input.


Dwane
