cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
754
Views
0
Helpful
6
Replies

DB replication Problem

quesne02
Level 1
Level 1

I am running ACS and are rehosting one of our machiens to a VM. Since is it our master that we are rehosting, I would like to first sync to the new VM from them physical box.

All services are up on the VM instance, but syncing the DB does not happen as the reported service is not running.

Been looking at the available doc and the only proboble cause for this to happen is if there is a FW in between and to remove skinny inspection.

There is no FW in between either machine, just on different segment. Would there be any other reason this would happen ?

1 Accepted Solution

Accepted Solutions

It seems to be firewall issue. Do you see any hits on secondary acs ?

If no that it seems to be a firewall issue.

View solution in original post

6 Replies 6

Jagdeep Gambhir
Level 10
Level 10

Here is the ACS replication check list, please verify in your ACS configuration to see if DB replication is set up correctly.

1) Make sure that you are not replicating over NAT. Replication over NAT does not work because the IP is used as part of the server authentication

2) Next, check to make sure that you are not sending or receiving the distribution table. On the primary server, the distribution table should not be checked in the send list, and on the secondary, the distribution table should not be checked for receive.

3) Then I would like you to check in the secondary server's partner list, to make sure that the primary is not listed. You should not enter the primary server into the partner list on the secondary server. However, the primary server should have all secondary servers listed in its partner list.

4) Ensure that the secondary server has its replication scheduling set to "manual".

5) Please verify that your servers are all running exactly the same ACS version and build. You can verify this at the bottom of the screen when you first login to CSAdmin.

Regards,

~JG

Do rate helpful posts

1) Not Nat involved, all straight coomunication

2) Unchecked on both sides. They were checked

3) Checked also. Removed all servers from the secondary server

4) Checked

5) Same version.

But I still have an issue on replicating with the error message "server not reponding" on the master server.

It seems to be firewall issue. Do you see any hits on secondary acs ?

If no that it seems to be a firewall issue.

Hi,

Looks like you are bot getting any error message on the secondary server.

Please set the level of loggin to full.

under system configuration > level full.

Then reproduce the issue > copy the time stamp from the database replication logging area > now go to the install directory of ACS > Like this C:\Program Files\CiscoSecure ACS v4.2\CSAuth\Logs

Open the file > AUTH.log file (the active one)

Now search with a time stamp you will see below listed error:

Comms lib:Failed to get SERVICE_NEGOTIATED

message during connect phase, rc = 10054

DBReplicate(OUT) cannot sync with ACS

psc1b1cacs01 - server not responding

If you are getting above mentioned error message then I'm sure that there is a firewall in btwn.

HTH

JK

Pla rate helpful posts-

~Jatin

Jatin Katyal
Cisco Employee
Cisco Employee

Hi,

Are you getting any error message on the secondary ACS? If not that clearly indicates that there is a firewall in btwn blocking TCP 2000 port.

If you are getting error on the secondary box, please let me know.

You would see this under ACS > reports and activity > database replication.

Apart from this you may go through this link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080742f60.shtml

HTH

JK

Plz rate helpful posts.

~Jatin

Thanks guys.... good old code 18.... Hate being my own Firewall....

Wrong IP entered in the network section for the server on both ends.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: