Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
649
Views
0
Helpful
2
Replies

CSA MC 6.0 high Availability

Sergey Tregubov
Level 1
Level 1

‎03-30-2010 06:55 AM - edited ‎03-09-2019 10:53 PM

Hello,

i heard about CSA MC 6.0 high Availability solution, but we can't realize it.

Is it possible to make a reserve CSA server, we are planning to use it in branch office?

Thank you

Labels:
0 Helpful
2 Replies 2

Jennifer Halim
Cisco Employee
Cisco Employee

‎03-30-2010 06:33 PM

Here is the white paper on CSA MC 6.0.1 High Availability for your reference:

http://www.cisco.com/en/US/docs/security/csa/csa601/white_papers/Management_Center_for_Cisco_Security_Agent_High_Availability_White_Paper.pdf

Hope that helps.

0 Helpful

Sergey Tregubov
Level 1
Level 1
In response to Jennifer Halim

‎03-31-2010 05:57 AM

Thank, but this is not acceptable, its too rich.

Will it work:

I will make a backup of a main server, and then restore this backup on a reserve csa server.

So on the reserve server i will have all information from main server, server names are the same, ip addresses are the same.

I thought that agents wil connect without any problems, but they dont.

ailed transaction, url=https://csa-mc:5401/csamc60/agent, curlerr=60 (SSL certificate problem, verify that the CA cert is OK). Check if agent and CSAMC system times are totally unsynchronized. Or you can use a browser to open the certificate file (sslca.crt) and see if the 'Valid From' date-time of the certificate is later than this host system date-time. Adjust the system time to fix it.
237: testarm1: Mar 31 2010 16:33:23.781 +0400: %CSA-4-MC_NOT_REACHABLE: %[Component=Csamanager][PID=1136]: conn_check: Failed to reach mgmtserver csa-mc:5401 via HTTPS. Will try again in 9 secs
238: testarm1: Mar 31 2010 16:33:32.812 +0400: %CSA-4-AGENT_CURL_ERROR: %[Component=Csamanager][PID=1136]: Failed transaction, url=https://csa-mc:443/csamc60/agent, curlerr=60 (SSL certificate problem, verify that the CA cert is OK). Check if agent and CSAMC system times are totally unsynchronized. Or you can use a browser to open the certificate file (sslca.crt) and see if the 'Valid From' date-time of the certificate is later than this host system date-time. Adjust the system time to fix it.
239: testarm1: Mar 31 2010 16:33:32.812 +0400: %CSA-4-MC_NOT_REACHABLE: %[Component=Csamanager][PID=1136]: conn_check: Failed to reach mgmtserver csa-mc:443 via HTTPS. Will try again in 12 secs
240: testarm1: Mar 31 2010 16:33:44.812 +0400: %CSA-5-IP_CHECK_OK: %[Component=Csamanager][PID=1136]: conn_check: ip config: ok. one local address is 10.11.0.41
4: testarm1: Mar 31 2010 16:33:44.812 +0400: %CSA-5-FAILED_SEND_FASTPOLL: %[Component=AgentUI][PID=3808]: Failed to send event with code 648
241: testarm1: Mar 31 2010 16:33:44.812 +0400: %CSA-6-MC_DNS_LOOKUP: %[Component=Csamanager][PID=1136]: conn_check: dns      : resolved mgmtserver name csa-mc to 10.11.0.2
242: testarm1: Mar 31 2010 16:33:44.812 +0400: %CSA-5-MC_REACHABLE_CHECK: %[Component=Csamanager][PID=1136]: conn_check: https    : mgmtserver is not reachable via https
243: testarm1: Mar 31 2010 16:33:44.812 +0400: %CSA-5-CONNCHECK_CMPLT: %[Component=Csamanager][PID=1136]: conn_check: finished

can anyone help, please.?

as i understood, there is a problem with ssl certificate, agents have a root certificate (old server), but old server is unreachable and there is a new server with another root certificate.

0 Helpful
Customers Also Viewed These Support Documents