DB replication Problem

Answered Question

I am running ACS and am rehosting one of our machines to a VM. Since it is our master that we are rehosting, I would like to first sync to the new VM from the physical box.


All services are up on the VM instance, but syncing the DB does not happen as the reported service is not running.


Been looking at the available doc and the only probable cause for this to happen is if there is a FW in between and to remove skinny inspection.


There is no FW in between either machine, just on a different segment. Would there be any other reason this would happen?

Jagdeep Gambhir Mon, 10/26/2009 - 13:23

Here is the ACS replication check list, please verify in your ACS configuration to see if DB replication is set up correctly.


1) Make sure that you are not replicating over NAT. Replication over NAT does not work because the IP is used as part of the server authentication.


2) Next, check to make sure that you are not sending or receiving the distribution table. On the primary server, the distribution table should not be checked in the send list, and on the secondary, the distribution table should not be checked for receive.


3) Then I would like you to check in the secondary server's partner list, to make sure that the primary is not listed. You should not enter the primary server into the partner list on the secondary server. However, the primary server should have all secondary servers listed in its partner list.


4) Ensure that the secondary server has its replication scheduling set to "manual".


5) Please verify that your servers are all running exactly the same ACS version and build. You can verify this at the bottom of the screen when you first login to CSAdmin.



Regards,

~JG


Do rate helpful posts

Correct Answer
Jagdeep Gambhir Mon, 10/26/2009 - 13:33

It seems to be a firewall issue. Do you see any hits on the secondary ACS?


If not, then it seems to be a firewall issue.

Jatin Katyal Mon, 10/26/2009 - 13:39
User Badges:
  • Cisco Employee,

Hi,


Looks like you are not getting any error message on the secondary server.


Please set the level of logging to full.


Under system configuration > level full.


Then reproduce the issue > copy the time stamp from the database replication logging area > now go to the install directory of ACS > Like this C:\Program Files\CiscoSecure ACS v4.2\CSAuth\Logs


Open the file > AUTH.log file (the active one)


Now search with the time stamp and you will see the below-listed error:


Comms lib:Failed to get SERVICE_NEGOTIATED message during connect phase, rc = 10054

DBReplicate(OUT) cannot sync with ACS psc1b1cacs01 - server not responding


If you are getting the above-mentioned error message then I'm sure that there is a firewall in between.


HTH


JK


Pls rate helpful posts.
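
Added example, not part of the original thread or of Cisco's tooling: a small Python scan of AUTH.log text for the replication failure pair quoted in the post above, pairing each "cannot sync" line with the preceding rc value. The timestamp prefix, the second partner name (acs-lab-02) and the reading of rc as a Winsock error code are assumptions; only the message text, rc = 10054 and psc1b1cacs01 come from the thread.

```python
import re

# Standard Windows Winsock error codes. Reading the ACS "rc" value as a
# Winsock code is an assumption; the thread only shows rc = 10054.
WINSOCK = {
    10054: ("WSAECONNRESET", "connection reset by the peer or a device in the path"),
    10060: ("WSAETIMEDOUT", "no reply: traffic dropped or host unreachable"),
    10061: ("WSAECONNREFUSED", "host reachable, nothing listening on the port"),
}

# Matches either message; \s+ tolerates the line wrapping seen in the post.
EVENT = re.compile(
    r"Failed to get SERVICE_NEGOTIATED\s+message during connect phase, rc = (?P<rc>\d+)"
    r"|DBReplicate\(OUT\) cannot sync with ACS\s+(?P<partner>\S+) - server not responding"
)

def replication_failures(log_text):
    """Return one record per 'cannot sync' event with the rc seen just before it."""
    failures, last_rc = [], None
    for m in EVENT.finditer(log_text):
        if m.group("rc"):
            last_rc = int(m.group("rc"))
            continue
        name, hint = WINSOCK.get(last_rc, ("unknown", "rc missing or not in table"))
        failures.append({"partner": m.group("partner"), "rc": last_rc,
                         "error": name, "hint": hint})
        last_rc = None  # do not reuse an rc for a later, unrelated event
    return failures

# Constructed sample: timestamps and the second partner are made up.
SAMPLE_LOG = """\
10/26/2009 13:31:02 Comms lib:Failed to get SERVICE_NEGOTIATED message during connect phase, rc = 10054
10/26/2009 13:31:02 DBReplicate(OUT) cannot sync with ACS psc1b1cacs01 - server not responding
10/26/2009 13:33:10 some unrelated authentication line
10/26/2009 13:35:40 Comms lib:Failed to get SERVICE_NEGOTIATED
message during connect phase, rc = 10061
10/26/2009 13:35:40 DBReplicate(OUT) cannot sync with ACS
acs-lab-02 - server not responding
"""

if __name__ == "__main__":
    for f in replication_failures(SAMPLE_LOG):
        print(f"{f['partner']}: rc={f['rc']} {f['error']} ({f['hint']})")
```
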

Jatin Katyal Mon, 10/26/2009 - 13:24
User Badges:
  • Cisco Employee,

Hi,


Are you getting any error message on the secondary ACS? If not, that clearly indicates that there is a firewall in between blocking TCP port 2000.


If you are getting error on the secondary box, please let me know.


You would see this under ACS > reports and activity > database replication.


Apart from this you may go through this link:


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080742f60.shtml


HTH


JK


Plz rate helpful posts.