05-25-2010 08:47 AM - edited 03-10-2019 05:09 PM
I am currently running 3.3 and TAC will not support it. I am working to upgrade to 4.2 soon (software has been sitting around for 2 years from my predecessor). My big issue that can't wait until the upgrade is:
Anytime I replicate from my Primary server, it will change any Juniper BXR devices' "authenticate using" from Juniper to Marconi. I have to go in and manually change all of them back after a replication. So I turned auto-replicate off, but in prepping for the upgrade (organizing groups, cleaning up users, correcting permissions etc.) Its causing a lot of problems.
Anyone have a clue?
Ryan
05-25-2010 09:08 AM
This suggests a database corruption issue. Do you have a spare ACS server where you can restore a current backup from the production server,
and test?
Also, which ACS is changing the authentication type, the primary or the secondary?
05-25-2010 09:27 AM
This suggests a database corruption issue. Do you have a spare ACS server where you can restore a current backup from the production server,
and test?
We have multiple sites (6 servers). The primary will replicate to them and I make all changes on the primary. The error only occurs on 2-3 of the secondary servers.
Also, which ACS is changing the authentication type, the primary or the secondary?
Secondary
05-25-2010 09:29 AM
Two thoughts come to mind:
Re-image the affected secondaries
Restore on the affected secondaries a backup from one of the not-affected secondaries
The idea here is to start with a known good database, either empty or from an ACS without the problem.
05-25-2010 10:49 AM
Ok, corruption issue and re-imaging makes sense. I've never done that and upgrading is going to be my first attempt with a server. I was hoping upgrading would fix it anyway...
Is there a way to login (web) and overwrite the secondary with a good secondary or the primary? Do I have to go through the entire "reformat" the appliance (not sure if I mentioned it the appliance not a windows server) to accomplish this? Or is there another way?Thanks again,
Ryan
05-25-2010 10:52 AM
Restoring a backup from one of the known good secondaries can be done entirely via the GUI, you just need an FTP server as the repository for the backup saveset.
Re-imaging the appliance requires physical access to it.
06-14-2010 06:37 AM
Ok, sorry for the delay. I upgraded all of the servers and am still having the replication issue. I was able to dig up some info on it though. I found that if the VSA's under Interface Configuration do not match...then it will cause my issue. On one bad server I was missing a VSA (Marconi) and the other has all of the primaries but is in a different order. Apparently it checks by slot. So if a VSA is in a slot that that it expects to dind say Laurel but finds Marconi...it will change the "authenticate using" box in the NDG devices. I was able to add the missing VSA to the one....but cannot figure out how to change the order. When I added the VSA to the one having missing issues....it put it in the middle of the order...so no rhyme or reason.
I was wanting to try deleting them all and then red-adding them...but knowing it puts them in a random (so it appears to me) I don't think it will help. Our Cisco rep said the GUI display of the order is not accurate anyway. He said the actual slot order is in the database...which I don't know how to see. I know you can change the slot number in the CSV when you add a device....but I don't know the numbering scheme for the slots. Cisco said 1-10 is taken by default?Help?Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide