Issue after ACS server migration

Unanswered Question
Sep 16th, 2010

Hi All,

We had that ACS VM server that was losing ping from time to time. After a bunch of unsuccessful troubleshooting, we decided to rebuild the VM machine and migrate ACS from backup to the new server.

So the new server is built and the migration was okay. Both machines were running at the same time with the same cert! No new cert has been issued yet for the new server. After a patch install, the new server no longer receives auth requests (nothing shows in the passed/failed auth logs). But the old server still receives the requests, but clients, mainly laptops, can't authenticate (the log shows the supplicant didn't respond correctly to ACS, check supplicant), while BLACKBERRY is still able to auth with the old server just fine! Certs for BB were imported from Clients.

My question is: do I need a new cert for the new server, or will the new server still be able to use the cert for the old server? BTW, the name of the server and the IP address were changed during the rebuild, which makes me think I should issue a new cert for it (just common sense)?

Thanks,

JPE

Javier Henderson Thu, 09/16/2010 - 09:18

It is not clear whether the new server is at the old server's IP address or not.

If it is at a new IP address, have you changed the configuration on your AAA clients (routers, switches, wireless access points, etc.) so they use the new ACS server?

Jean Paul Enerst Thu, 09/16/2010 - 09:53

All the IPs have been changed on all the devices. In fact, all the devices have the new server IP address as the primary contact and the second server as a backup. It was working fine this way yesterday. The primary server got all the requests and authenticated all the clients. According to the server guys that built the server, there was a patch install yesterday evening, and this patch was supposed to get the new server OPERATIONAL. I don't really know what he means by operational.

Once again, my question is: do I need a new cert for the server? Which I think makes sense, but I don't think this is the only issue. With a cert issue, the server should still receive auth requests, but all auth would fail with the message: auth fail during ssl handshake. But there is nothing in the logs; I triple-checked that the log is enabled!! To me, this server does not receive the requests coming from the clients!!

Thanks a bunch,

JPE
