ACS 5.2 Migration utility fails on ACS 4.x Server ID

Unanswered Question
Dec 22nd, 2010
User Badges:

I am working through the migration from ACS 4.1.4 on Windows Server 2003 to ACS 5.2 on the appliance.  I have created the 4.1.4 migration server, installed the software and imported the data from our production ACS 4.1.4 box.  I downloaded the migration utility from the 5.2 ACS server and am attempting to run on the 4.1.4 migration server.  The question that fails is:


Enter ACS 4.x Server ID:


I do not know what this means and do not see anything on the 4.1.4 server that identifies the Server ID.  I try localhost and it does not work and the 4.1.4 server is not registered in DNS or I would try that  (and . are not valid characters in the ID so the IP does not work).


How have other people handled this question?  Is there something that can identify the local server ID?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (4 ratings)
Loading.
Tiago Antunes Thu, 12/23/2010 - 00:32
User Badges:
  • Cisco Employee,

Hi,


The ACS server id is the hostname of the machine where ACS is running.

It does not need to be necessarily registered on the DNS. Please note that the server id is only to identify the migation data, it is not used for any DNS resolution.


If you go to System Configuration -> Service Control, you will see a header saying " CiscoSecure ACS on 'server_id' ".


Also, please make sure that you are not accessing the migration machine via RDP, as it will not work.


HTH,

Tiago


--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

Robert Molina Tue, 04/15/2014 - 15:52
User Badges:

Tiago,

 

Thanks, I am migrating to a ACS 5.5 server and cisco documentation is not the clearest and it took me awhile and a lot of prayer to get to this point. I had the right ACS 4.x server id, but I was accessing via RDP. Much appreciated even after your post 3 years ago.

Robert

Arun More Fri, 04/25/2014 - 01:50
User Badges:

Hi robert,

We will be planning the migration from 4.2 to 5.5 tomorrow, have gone through all the documents by cisco. Still have some queries like will I be able to change the ip adds of the new 5.5 ACS, how does the data import will happen in 5.5 with migration utility. Lots of confusion ...if u can help me it will be great.

Regards,

Arun

 

Jatin Katyal Fri, 04/25/2014 - 02:02
User Badges:
  • Cisco Employee,

You mean the IP address of ACS gigabit interface? If that's what you meant than yes you can change the ip address. You're only migrating the application database from ACS 4.x to ACS 5.5 that includes the items listed in the below table.

ACS Elements that Migration Process Supports 

 
ACS 4.x Element
 
ACS 5.5 Element
 

AAA Client/Network Device

 

Network Device. See AAA Client/Network Device for more information.

 

Internal User

 

Internal User. See Internal User for more information.

 

User Defined Fields (within Interface Configuration section)

 

Identity Attributes/Internal User. See User Group for more information.

 

User Group

 

Identity Group. See User Group for more information.

 

Shared Shell Command Authorization Sets

 

Command Set. See Shared Shell Command Authorization Sets for more information.

 

User T+ Shell Exec Attributes

 

Identity Attributes/Internal User. See User Group for more information.

 

Group T+ Shell Exec Attributes

 

Shell Profile. See User Group Policy Components for more information.

 

User T+ Command Authorization Sets

 

Command Set. See User Group for more information.

 

MAC Authentication Bypass (MAB) Addressed

 

Internal Host Database. See MAC Addresses and Internal Hosts for more information.

 

Shared Downloadable Access Control List (DACL)

 

Downloadable ACL. See Shared DACL Objects for more information.

 

EAP-FAST Master keys

 

EAP-FAST Master keys. See EAP-Fast Master Keys and the Authority ID for more information.

 

Shared RADIUS Authorization Components

 

Authorization Profiles. See Shared RACs for more information.

 

Customer Vendor-Specific Attributes

 

Customer VSAs. See Customer VSAs for more information.

 

Max User Sessions

 

Maximum User Sessions. See Max User Sessions for more information.

 

Regards,

Jatin Katyal

*Do rate helpful posts*

Arun More Fri, 04/25/2014 - 03:27
User Badges:

Hi Jatin,

I have planned activity as follows,

Step 1 Install ACS 5.5 on SNS 3415-K9 ( Ignore if it is pre-installed)------download the migration utility from the same ACS 5.5 web interface  or from the DVD provided .

 

 

  1. To access the Migration Utility, download it from the ACS 5.5 web interface. To download migration application files:

Step 1 Choose System Administration > Downloads > Migration Utility.

The Migration from 4.x page appears.

Step 2 Click Migration application files to download migration.zip, which contains the application files you use to run the Migration Utility.

 

  1. Utility can be copied from the DVD migration.zip to migration machine

 

  1. Enable migration interface on target machine i.e. SNS3415-k9

 

acs config-web-interface migration enable

 

 

Step 2 Install Cisco Secure Access Control Server (4.2.1 with latest patches) for Windows on the migration machine.

 

 

Step 3 Back up the ACS 4.2 data on old ACS 4.2.1.-(Same latest patches should be in old ACS4.2.1)

 

 

Step 4 Restore the data in the migration machine.

 

Note that the backed up data needs to accessible from migration machine. Either data can be copied to migration machine or the migration machine needs to be connected in the same network.

 

 

Step 5 Run the Analysis and Export phase of the Migration utility on the migration machine.-------While executing the same all the ACS machines needs to be in reachable to each other.

 

Running the Migration Utility

Step 1 Open a command prompt and change directory to C:\Migration Utility\migration\bin.

You can specify any directory in which to install the Migration Utility. This example uses the Migration Utility as the root directory.

Step 2 At the command prompt, type migration.bat. To run the Migration Utility:

 

While running the migration tool ensure that all the required details are entered correctly.

Utility can be run multiple times and results can be verified.

 

Step 6 Import the data from the migration machine to the SNS 3415-K9 that has ACS 5.5 installed

Now my queries 1) I will be connecting all the machines in n/w -so IP has to be in same network, so i will not be able to use the old 4.2 ACS's IP If the same has to be used how the same can be achieved.

2) how exactly the migration utility works as there are no snapshots in document it only talks abt what it will analyse and what will be migrated, my worry is how do i import that validation passed or analysed data to 5.5.

3) While running setup on 3415 appliance what are mandatory fields and what are not.

Michal Breskovec Thu, 12/23/2010 - 05:31
User Badges:

Hello, according to my experience you can write there anything - it will only created subfolder with similar name under migration tool folder.

johnroman Thu, 12/23/2010 - 07:45
User Badges:


Tiago got it right:

Also, please make sure that you are not accessing the migration machine via  RDP, as it will not work.


The process works when using VNC but not with RDP to this virtual server. I think that is stated somewhere in the documentation, but I could not believe RDP would not work. 


Thanks for the responses.

jaimepedraza Mon, 05/09/2011 - 23:10
User Badges:

Hi,


I'm doing this process, but with a migration machine on vmware with S.O. W2K8 Stantard SP1. When I enter the option 1 (Analyze and Export), this is the result: "Fatal Error !! - cannot connect to ACS 4.x DB !!"


I have tried running the bat file as:


- Administrator

- Compatibility mode W2K3 SP1

- Compatibility mode Win XP SP2


None of the combinations of the options had worked. Any ideas?


Thank you in advance,

Michal Breskovec Mon, 05/09/2011 - 23:18
User Badges:

Hello, I have very good experience with combination: VirtualBox + Windows Server 2000. It is very simple environment with minimal things which can fail and working like charm.

jaimepedraza Tue, 05/10/2011 - 00:41
User Badges:

I found this in the log: Could it be a java issue?



5-10-2011 02:27:52 ACS4Connector.checkDBConnectivity(ACS4Connector.java:137)FATAL -  Fatal Error !! - cannot connect to ACS 4.x DB !!

java.sql.SQLException: [Sybase][ODBC Driver][Adaptive Server Anywhere]Database server not found


at ianywhere.ml.jdbcodbc.IDriver.makeODBCConnection(Native Method)

at ianywhere.ml.jdbcodbc.IDriver.connect(IDriver.java:354)

at java.sql.DriverManager.getConnection(Unknown Source)

at java.sql.DriverManager.getConnection(Unknown Source)

at com.cisco.nm.acs.mgmt.migration.ACS4Connector.getConnecter(ACS4Connector.java:66)

at com.cisco.nm.acs.mgmt.migration.ACS4Connector.checkDBConnectivity(ACS4Connector.java:133)

at com.cisco.nm.acs.mgmt.migration.MigrationApplicationCLI.runExport(MigrationApplicationCLI.java:605)

at com.cisco.nm.acs.mgmt.migration.MigrationApplicationCLI.main(MigrationApplicationCLI.java:266)

jaimepedraza Wed, 05/11/2011 - 20:03
User Badges:

Michal thank you for your comment, I tried with Win2K but I had too much trouble dealing with IE6, so I decided to try with a Win2K3 and it finally worked. The exact information of the VM is:



  • Vmware Fusion 3.1.2
  • Virtual machine with 1GB RAM and 8 GB HDD
  • Windows 2003 Enterprise Edition Service Pack 2 unpatched
  • ACS 4.2.0 124 Patch 11
  • Java JRE build 1.5.0_22-b03. As far as I checked, the migration tool uses its own java with version 1.5.


The S.O a.nd java versions tested that didn't work were the following :


  • Windows 2008 Standard Edition
  • Java 1.4
  • Java 1.5
  • Java 1.6


I established a VPN to the internal network of the customer from the VM, where the new and old server reside, and there were no issues.

H'ng Zhuang Sheng Sun, 05/17/2015 - 00:20
User Badges:

Hi,

 

I face one issues on this as well. During run the migration.bat. it keep show this error.

 

I am currently running on:

ACS version 4.1.1.24, window 2003 standard and jre 1.5.0.

Do you have any idea on the log error below?

i tried download activation and mail also have the same error.

 

05-15-2015 10:06:23 JavaUtils.isAttachmentSupported(JavaUtils.java:1308) WARN - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.
05-15-2015 10:08:50 JavaUtils.isAttachmentSupported(JavaUtils.java:1308) WARN - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.
05-15-2015 10:40:27 JavaUtils.isAttachmentSupported(JavaUtils.java:1308) WARN - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.

 

 

Regards,

Johnson

 

harshal.shahane Thu, 01/07/2016 - 10:05
User Badges:

Hello,


I am having the same issue while migrating fro 4.2.0.124 to 5.7.

I had  the same error "Fatal Error:- Fatal Error !! - cannot connect to ACS 4.x DB !!"

Thank you in advance

Harshal

Jatin Katyal Thu, 01/07/2016 - 10:35
User Badges:
  • Cisco Employee,

HI Harshal,

Make sure you've read this already. Also try to avoid VMware console.

You cannot use the remote desktop to connect to the migration machine to run the
Migration Utility. You must run the Migration Utility on the migration machine; or, use
VNC to connect to the migration machine”
harshal.shahane Thu, 01/07/2016 - 10:40
User Badges:

Hello jatin,

I am accessing the migration machine physically. 

Regards,

Harshal

Jatin Katyal Thu, 01/07/2016 - 14:33
User Badges:
  • Cisco Employee,

Make sure the migration interface is enabled on the ACS 5.x.

If that's done already, send me the file migration.logs

- Jatin

harshal.shahane Mon, 01/11/2016 - 22:01
User Badges:

Hello Jatin,

I tried reinstalling the ACS 4.2 on migration machine and then restoring the backup from the existing ACS. When I run the Migration utility I am getting the following logs:

 01-12-2016 11:24:29 JavaUtils.isAttachmentSupported(JavaUtils.java:1308) WARN - Unable to find required classes (javax.activation.DataHandler and javax.mail.internet.MimeMultipart). Attachment support is disabled.
01-12-2016 11:24:43 ACS4Connector.checkDBConnectivity(ACS4Connector.java:137)FATAL - Fatal Error !! - cannot connect to ACS 4.x DB !!
java.sql.SQLException: [Sybase][ODBC Driver][Adaptive Server Anywhere]Invalid user ID or password
at ianywhere.ml.jdbcodbc.IDriver.makeODBCConnection(Native Method)
at ianywhere.ml.jdbcodbc.IDriver.connect(IDriver.java:354)
at java.sql.DriverManager.getConnection(Unknown Source)
at java.sql.DriverManager.getConnection(Unknown Source)
at com.cisco.nm.acs.mgmt.migration.ACS4Connector.getConnecter(ACS4Connector.java:66)
at com.cisco.nm.acs.mgmt.migration.ACS4Connector.checkDBConnectivity(ACS4Connector.java:133)
at com.cisco.nm.acs.mgmt.migration.MigrationApplicationCLI.runExport(MigrationApplicationCLI.java:605)
at com.cisco.nm.acs.mgmt.migration.MigrationApplicationCLI.main(MigrationApplicationCLI.java:266)

PS: Migration interface is enabled on ACS 5.7 (Target Machine)

Alex Pfeil Mon, 03/09/2015 - 11:23
User Badges:

I just did an upgrade from ACS 4.2.0.127(12) to 5.6.  The ACS 4.2 server was on a Windows Server 2008 32-bit box.  We installed a Windows Server 2008 32-bit for the migration machine.  However, this did not work.  I tried everything - didn't work.  I finally had the server admin create a Windows Server 2003 32-bit machine. I connected with RDP and it did not work.  I installed VNC - and magic - it worked.

Key Points -

  • ACS 4.x for Windows - Windows Server 2008 32-bit did not work for me, but Windows Server 2003 did.
  • The documentation is correct that RDP does not work; VNC does work.
  • I installed the ACS 4.2 trial version - no license needed on the ACS 4.2 machine
  • The name of the ACS 4.2 server ID is answered in this discussion.

Thanks,

Alex

 

Actions

This Discussion

Related Content