cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
35408
Views
10
Helpful
47
Replies

ACS 5.3

ewood2624
Level 5
Level 5

Has anyone updated to ACS 5.3 yet? If so, any complications?

Sent from Cisco Technical Support iPad App

47 Replies 47

larsen_2011
Level 1
Level 1

Hi,

yes, I upgraded from 5.2 to 5.3 and have following problems:

Network connectivity error when trying to access the "vendors" and "network devices" sites in the web gui

System error when trying to edit an internal user...

No change after installing backup.

Did it on two different ACS - same problem.

I will now try a complete reimage...

I'm hoping not to have to reimage the appliance.  Keep us posted on if you find any other issues.

Chris Jackson
Level 4
Level 4

I upgraded.  running the 5.3.0.40 version.  I seem to have an issue specific to MSNPAllowDialin=True string when using AD  I can validate group membership but the directory attributes seem to cause problems.

I remember reading that one of the new features on the release notes had something to do with Dial-In Attribute Support:

Dial-In Attribute Support

The Dial-In Attribute feature enhancement includes:

• Dial-in permissions

You can allow, deny, and control access of dial-in permissions of a user. The permissions are

checked during authentications or queries from Active Directory. It is set on the Active Directory

dedicated dictionary.

• Callback

You can set up callback options. The server calls the caller back during the connection process if

this option is enabled. The phone number that is used by the server, is set either by a the caller or

the network administrator.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/release/notes/acs_53_rn.pdf

I upgraded using the upgrade support bundle, from 5.1 to 5.2 to 5.3. No issues upgrading, but the tabs under the Dashboard disappeared when trying to access in both IE8 and Firefox. So brought appliance back to 5.1 factory and used upgrade bundle to go form 5.1 to 5.3. No issues upgrading, Dashboard back and fully functional.

I am seeing strange behavior though from my 7945 Cisco IP Phones. When they authenticated in 5.1 no issues. In 5.3 they authenticate and then a minute later fail with error 5411 EAP session timed out. When I check the phone works fine and appears authenticated on the switch. So the failure might be a bogus message but not sure. has anyone had this issue in 5.3??

dal
Level 3
Level 3

Hi.

I upgraded using the bundle.

But now the Process status info tells me this:

View-database:  Does not exist 

View-logprocessor: not monitored 

At the same time, i have this message in the Alarms Inbox:

The View 5.2database has been upgraded to 5.3 and is ready for activation.

So the question is: How do i activate it?

Edit:

After another reload of the server, the view-database has now status of running.

But the view-logprocessor is still not monitored.

What does not monitored mean?

And the Cisco ACS View Dashboard is empty, but I guess thats related?

What now?

Thanks

Go to following link:

Monitoring and Reports->Launch Monitoring & Report Viewer
then

Monitoring Configuration > System Operations > Data Upgrade Status

Should be an option there to see status of upgrade and activate the database

Hi, and thanks for answering.

I see the Data Upgrade Status, and it says Upgrade completed successfully.

But other than that, the page is completely empty. No buttons, no link, nothing exept that short message.


There should be an option to "Switch Database". I thought it was on this page.

Well, it's not.

Luckily, our ACS runs on VMWare, so it was easy to revert back to v5.2.

Crap. Cannot have a radius server without a working log service. So it stays v5.2 until maybe some of the ACS programmers can answer this?

Thanks.

Some updates.

First my mistake and there is no longer a "Switch Database" option after the upgrade

Second there is a patch available for ACS 5.3 (patch 1 - 5-3-0-40-1) that includes a fix for the following issue as taken from the release notes

CSCtu15651    ACS view upgrade failure

  This issue occurred during application upgrade from 5.1 or 5.2 to 5.3. After upgrade view-logprocessor is not started. The customer is advised to install this patch if view data upgrade was failed. The upgrade procedure happens successfully when the service is restarted at time of patch installation.

I got it up and running now.

I reverted back to v5.2. After I did that, I found out the clock wasn't set right.

After i synced it against our NTP server, I tried upgrading again, and this time I had no problems.

I still had to build the Dashboard manually, though.

Maybe this is the problem for some of you others here too?

We are having this same issue after upgrading from 5.1 to 5.2 and I have not been able to get it resolved.  We are using the 1121 physical server appliance so no way to go back.  I just cannot figure out why that 'view log-processor' will not go to Monitored. Without it, we appear to have no visibility to the reports.  We are seeing the following in the contents of the associated log file if anyone can make sense of it.

Oct 18 2011 16:42:36 com.cisco.nm.acs.view.collector.Main.main(Main.java:117) INFO main Acs.MGMT.ACSVIEW Log processor initializing...

Oct 18 2011 16:42:36 com.cisco.nm.acs.view.collector.Main$ShutdownListener.run(Main.java:160) DEBUG ShutdownListener Acs.MGMT.ACSVIEW Listening for shutdown

Ayhan Guec
Level 1
Level 1

Hi,

after a upgrade from version 5.2 to 5.3 using Application Upgrade Bundle we face following problems:

#show application status acs

ACS role: PRIMARY

Process 'database' running

Process 'management'  running

Process 'runtime' running

Process 'adclient' running

Process  'view-database' running

Process 'view-jobmanager' running

Process  'view-alertmanager' running

Process 'view-collector' running

Process  'view-logprocessor' Restarting

After a while:

Process 'database' running

Process 'management' running

Process 'runtime'  running

Process 'adclient' running

Process 'view-database'  running

Process 'view-jobmanager' running

Process 'view-alertmanager'  running

Process 'view-collector' running

Process 'view-logprocessor' not  monitored

Any ideas what could be the reason for this behaviour and how to fix it?

After the upgrade we get also this error in the "Cisco Secure ACS View":

"Data Upgrade Failed. Click here to view details"

Internal Error. Please see  below: An unexpected error has occured. If this error continues, please contact  Cisco Technical Assistance Center Error Type ACS Server Exception Error  Summary

java.lang.NullPointerException

Error Cause

Possible  Workaround

An unexpected error has occured. If this error continues, please  contact Cisco Technical Assistance Center View Stack Trace Hide Stack Trace  Server Stack Trace  java.lang.NullPointerException

com.cisco.nm.acs.view.ui.actions.logrecovery.LogRecoveryAction.loadLogRecoveryConfig(LogRecoveryAction.java:66)

sun.reflect.NativeMethodAccessorImpl.invoke0(Native  Method) sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)  sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)  java.lang.reflect.Method.invoke(Unknown  Source)

org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:270)

org.apache.struts.actions.DispatchAction.execute(DispatchAction.java:187)

org.apache.struts.actions.MappingDispatchAction.execute(MappingDispatchAction.java:169)

org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)

org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)

org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)

org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)

javax.servlet.http.HttpServlet.service(HttpServlet.java:617)

javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

com.cisco.nm.acs.view.ui.utils.HttpDataValidationFilter.doFilter(HttpDataValidationFilter.java:41)

org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

org.ajaxanywhere.AAFilter.doFilter(AAFilter.java:46)

org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

com.cisco.nm.acs.view.ui.utils.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:26)

org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)

org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)

org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)

org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:421)

org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)

org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)

org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)

org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)

java.lang.Thread.run(Unknown  Source)

It seems that the applet class is not found in the specified path to run. I remember that cumulative patches for version 5.1 fixed this problem. Are there any patches for version 5.3 available ?

It would be great if you could provide me a solution / workaround

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: