cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1816
Views
0
Helpful
6
Replies

Unable to restore ACS server

Cisco Freak
Level 4
Level 4

Hi All,

I was trying to a config restore from a TFTP server, but it fails.

vic-acs01/admin# acs restore ACE-Config-160922-1542.tar.gpg repository Repository
Restore requires a restart of ACS services. Continue? (yes/no) yes
Initiating restore. Please wait...
% restore in progress: Starting Restore...10% completed
% restore in progress: Retrieving backup file from Repository...20% completed
gpg: decrypt_message failed: Unknown system error
tar: This does not look like a tar archive
tar: backup/appcomponent/db/acs.db: Not found in archive
tar: backup/appcomponent/db/acs*.log: Not found in archive
tar: Exiting with failure status due to previous errors
% restore in progress: Decrypting backup data...25% completed
% Error: Failed to perform ACS restore: The backup file decryption failed. Wrong encryption key or corrupted download from repository)

vic-acs01/admin# sh restore history
Thu Nov 10 20:06:16 PST 2016: restore ACE-Config-160922-1542.tar.gpg from repository Repository: error - acs script error
Thu Nov 10 20:19:37 PST 2016: restore ACE-Config-160922-1542.tar.gpg from repository Repository: error - acs script error
Thu Nov 10 20:28:36 PST 2016: restore ACE-Config-160922-1542.tar.gpg from repository Repository: error - decrypt failed
Thu Nov 10 20:30:11 PST 2016: restore ACE-Config-160922-1542.tar.gpg from repository Repository: error - decrypt failed
Thu Nov 10 20:34:00 PST 2016: restore ACE-Config-160922-1542.tar.gpg from repository Repository: error - decrypt failed
vic-acs01/admin#

vic-acs01/admin# sh run | b repo
repository Repository
url tftp://10.10.79.13/
!

vic-acs01/admin# sh repository Repository
% Protocol does not support listing directories
vic-acs01/admin#

Any help would be appreciated.

CF

1 Accepted Solution

Accepted Solutions

Hi CF,

Yes, you can add another repository.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

View solution in original post

6 Replies 6

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Hi CF,

Are you sure you are using the same key for decryption which you had used while taking the backup?

Also, show repo <repo name> will only list directories if the protocol type is FTP.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Hi Kanwal,

Its not giving me any option to enter any password. How should I enter the password?

CF

Hi CF,

Apologies. I didn't notice that you were not prompted for it. But i quickly tested it in mine:

acs56/admin# acs restore test_config-161111-1419.tar.gpg repository Kanwal_FTP
Restore requires a restart of ACS services. Continue?  (yes/no) yes
Initiating restore.  Please wait...
% restore in progress: Starting Restore...10% completed
% restore in progress: Retrieving backup file from Repository...20% completed
Please enter backup decryption password [8-32 chars]:

And i do get prompted for it once it has reached 20% of the process.

It would first retrieve the file and then try to decrypt it. And it seems even before it tries to decrypt, there is something which is causing it to error out.

I would suggest a different FTP server and if same issue, we might need to look at the logs from ACS side.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Hi Kanwal,

I don't know if I can use a different TFTP/FTP server because the configuration of the repository is mapped to the IP address:10.10.79.13

Or can I just add one more Repository config in the running-config and try from that new TFTP config?

vic-acs01/admin# sh run | b repo
repository Repository
url tftp://10.10.79.13/
!

CF

Hi CF,

Yes, you can add another repository.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Thanks Kanwal!

I added another repository and copied the file to that TFTP server. And it worked!

CF

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: